From: Doug Barton (dougb@FreeBSD.org)
Organization: http://SupersetSolutions.com/
Date: Sun, 16 Sep 2012 14:27:34 -0700
To: Mark Murray
Cc: Arthur Mesh, Ian Lepore, Ben Laurie, freebsd-security@freebsd.org, RW
Subject: Re: Proposed fix; stage 1 (Was: svn commit: r239569 - head/etc/rc.d)
Message-ID: <50564446.80606@FreeBSD.org>
References: <50453686.9090100@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org>
List-Id: "Security issues [members-only posting]"

On 09/16/2012 09:21, Mark Murray wrote:
> Part 1 of the fix is enclosed; it involves drastically shortening the
> input into /dev/random (the "kickstart") at boot time. There are time
> implications that I'd like to hear any objections to.

I remain convinced that chunking the input so that we don't overflow the buffer is a better solution than truncating it (whether that is by the use of a hash, or other means).

I also think that Ian has made several good points about the need to avoid hashing for low-end systems, and I have made the suggestion to split the initrandom commands into "safe for all" and "only for higher end systems" components in part to address Ian's concerns that some of the commands we have are real drags on low-end systems. There are several ways that we can do the chunking; one cheap way would be to run the commands in a loop with a 'sleep .1' after each to give the buffer time to drain.

Finally, I still think that making changes to the entropy-feeding methods in initrandom or random are premature until we have a chance to review Arthur's work on what's actually happening with the buffer. Until we know where the problems are, we're only guessing as to what the fixes should be.

Doug

--
I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do.
-- Edward Everett Hale, (1822 - 1909)
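The chunk-and-pause approach Doug sketches above (write the seed material in bounded pieces, pausing after each so a fixed-size kernel buffer can drain rather than discarding the overflow), as an added illustration that is not code from the thread or from the FreeBSD rc.d scripts. The chunk size, the pause length and the use of a temporary file as the sink are assumptions for an offline run; on a FreeBSD box the sink would be /dev/random and the source the output of the initrandom commands.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread: feed a data source into a
# sink one bounded chunk at a time, sleeping between chunks so the consumer's
# fixed-size buffer has time to drain. Nothing is truncated or hashed; every
# byte of the source reaches the sink, just not all at once.
#
# Assumptions (not from the thread): chunk size and pause are caller-supplied;
# the sink defaults to a scratch file so the demo runs without root access.

# chunked_feed SRC SINK CHUNK_BYTES PAUSE_SECONDS
# Appends SRC to SINK in CHUNK_BYTES pieces, sleeping PAUSE_SECONDS after each.
# Prints the number of chunks written.
chunked_feed() {
    src=$1; sink=$2; chunk=$3; pause=$4
    # arithmetic expansion strips the leading spaces BSD wc emits
    total=$(( $(wc -c < "$src") ))
    n=0
    while [ $(( n * chunk )) -lt "$total" ]; do
        # skip=n blocks of bs=chunk, read exactly one block; the final block
        # may be short, and dd passes it through unpadded
        dd if="$src" bs="$chunk" skip="$n" count=1 2>/dev/null >> "$sink"
        n=$(( n + 1 ))
        sleep "$pause"
    done
    echo "$n"
}

# Stand-alone demo on constructed input: 10000 bytes from /dev/zero stand in
# for the collected seed material; the sink is a scratch file, not /dev/random.
demo_chunked_feed() {
    dir=$(mktemp -d)
    dd if=/dev/zero of="$dir/src" bs=1000 count=10 2>/dev/null
    : > "$dir/sink"
    chunks=$(chunked_feed "$dir/src" "$dir/sink" 4096 0)
    echo "wrote $chunks chunks, sink holds $(( $(wc -c < "$dir/sink") )) bytes"
    cmp -s "$dir/src" "$dir/sink" && echo "sink is byte-identical to source"
    rm -rf "$dir"
}

# Run the demo only when executed directly, not when sourced for testing.
case "$0" in
    *chunked_feed*|*.sh) demo_chunked_feed ;;
esac
```

With a 4096-byte chunk the 10000-byte sample lands as three writes (4096, 4096, 1808) and the sink is byte-for-byte equal to the source, which is the property that distinguishes chunking from the truncating alternatives discussed in the thread. Writing to the real device requires the appropriate privileges and is outside what this offline demo exercises.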