Date: Tue, 13 Apr 2004 23:12:46 +0100
From: Mark Murray <markm@FreeBSD.ORG>
To: Charles Swiger <cswiger@mac.com>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: dev/random
Message-ID: <200404132212.i3DMCkIn002507@grimreaper.grondar.org>
In-Reply-To: Your message of "Tue, 13 Apr 2004 17:02:07 EDT." <D30E2B24-8D8D-11D8-B697-003065ABFD92@mac.com>

Charles Swiger writes:
> > You don't get to assume the existence of rc.conf until after
> > initdiskless runs.
>
> And Mark Murray referred me to diskless workstations as well. OK.
>
> From what I remember, one used BOOTP and TFTPD to provide a
> standalone executable (for an X11 terminal, say) or a kernel, and the
> latter would then perform an NFS mount to obtain a root filesystem
> and an init program to run, which would then call the RC mechanism
> to mount more filesystems and do whatever else is needed to boot the
> system.

Correct.

> [ By the way, I did not find documentation in rc.8 which mentions
> initdiskless as a special case, but perhaps it might be worth
> referring to diskless.8 from the former manpage. ]

Good point. Documentation deficiencies are well worth mentioning (in
painful detail!) in docs-PRs. Either that or if it is RNG-specific,
bug me into doing it! Patches most welcome.

> Anyway, if /etc/rc.d/initdiskless is available, you've got a root
> filesystem to read from, so can't one nudge the diskless client's
> /dev/random using entropy from a file stored on it?

Consider a PC in a University's PC access hall/lab. Would you (paranoid
as you are!) trust _anything_ on that machine's hard disk? (There are
no right/wrong answers here. See below).

> Or perhaps the /usr/share/examples/diskless/clone_root script could
> call mknod to create a clone of the server's /dev/random device under
> the diskless root directory, to provide different "real" entropy for
> each diskless client?

How much network-snoopable traffic will you trust? On _your_ network?
On _your_library's_ network?

> Both of these suggestions are made under the assumption that one can't
> simply make /dev/random readable without being nudged, and one cannot
> utilize rcNG dependencies to start /etc/rc.d/random properly (ie,
> before something wants to use /dev/random) for the reason that Brooks
> mentioned above. :-)

Understood! I'm RIGHT with you. This is EXACTLY the way I designed
this system.

In order to start /dev/random, you need trustable entropy. Numbers read
in the clear over the network are public information. So is
(potentially) the content of public (library, computer lab, internet
cafe, &c) hard disk.

What then? PC-generated entropy? But PCs have almost NO entropy.
Keyboard and mouse entropy is good but very sparse, so you can use it
to start machines, but if you do it properly, you need to annoy users
into doing random keyboard activity or mouse movements. (/me sees a
PC-lab system that requires a user to jiggle the mouse ENOUGH in order
to "wake up" the computer (ie reseed the RNG)).

What else? Hardware randomness? Not much is available; you need to be
specific about the hardware you purchase.

What to do? The answer is not in the singular. "What is my threat
model?" gives each specific site its answer, if the question and its
answer are evaluated IN THE ISOLATED CASE OF THAT SYSTEM.

M
--
Mark Murray
iumop ap!sdn w,I idlaH