From owner-freebsd-security@FreeBSD.ORG Sat Jul 19 22:25:08 2014
Date: Sat, 19 Jul 2014 18:24:57 -0400 (EDT)
From: Benjamin Kaduk
To: Steven Chamberlain
Cc: Ben Laurie, "freebsd-security@freebsd.org security"
Subject: Re: Speed and security of /dev/urandom
In-Reply-To: <53CAEB1E.2020401@pyro.eu.org>
References: <53C85F42.1000704@pyro.eu.org> <53CAEB1E.2020401@pyro.eu.org>
List-Id: "Security issues [members-only posting]"

On Sat, 19 Jul 2014, Steven Chamberlain wrote:

> Or if we're worried about draining entropy too quickly from the CSPRNG,
> a non-privileged user could do that anyway from /dev/urandom, or it may
> happen when a server doing crypto work is under stress?

Can we please disabuse ourselves of the notion that entropy can be
"drained too quickly" (or even drained at all) from the CSPRNG?
Once properly seeded, it produces unpredictable bits. Period. It does
not matter how many bits are output (well, for achievable quantities of
output); the bits are still unpredictable.

-Ben
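The point Ben makes above, that a seeded CSPRNG is not a reservoir that empties as it is read, is easiest to see in the structure of such a generator. The following is an added illustrative example, not code from this thread and not FreeBSD's random(4) implementation: a simplified Fortuna-style generator (key plus block counter, HMAC-SHA256 as the block function, rekey after every request). The class name, the constructed seed and the 16-byte counter encoding are assumptions of this example. Notice that the state holds no "entropy remaining" counter at all: output is a keyed function of a counter, so reading a megabyte leaves the generator exactly as strong as reading a byte, and reseeding only ever mixes new entropy in; it is never required before further output.

```python
import hashlib
import hmac
import os

# 32 bytes per output block (SHA-256 digest size)
BLOCK = hashlib.sha256().digest_size


class Generator:
    """Minimal Fortuna-style generator, constructed for this example.

    State is a 32-byte key and a block counter. Each output block is
    HMAC-SHA256(key, counter). After every request the key is replaced by
    a freshly derived key and the old key is discarded, so earlier output
    cannot be reconstructed from later state (backtracking resistance).
    Nothing here tracks "remaining entropy": as long as the seed was
    unpredictable, any realistic amount of output stays unpredictable to
    an observer who does not know the key.
    """

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits of entropy")
        # Condense the seed into the initial key.
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0
        self.bytes_output = 0  # for illustration only; never consulted

    def _block(self) -> bytes:
        # One 32-byte block: a keyed function of the counter, nothing else.
        self.counter += 1
        msg = self.counter.to_bytes(16, "big")
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def reseed(self, entropy: bytes) -> None:
        # Fresh entropy is mixed into the key. This strengthens the state
        # against an attacker who somehow learned it; it is not a refill.
        self.key = hashlib.sha256(self.key + entropy).digest()
        self.counter = 0

    def generate(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += self._block()
        # Rekey: derive the next key from the current state, then forget
        # the old key so past output cannot be recomputed.
        self.key = self._block()
        self.bytes_output += n
        return bytes(out[:n])


def drain_attempt(seed: bytes, total: int, chunk: int = 65536) -> dict:
    """Read `total` bytes in chunks, the way a user looping over
    /dev/urandom would, and report what the generator state looks like
    afterwards. There is no quantity here that decreases."""
    g = Generator(seed)
    remaining = total
    while remaining > 0:
        got = g.generate(min(chunk, remaining))
        remaining -= len(got)
    return {
        "bytes_output": g.bytes_output,
        "key_len": len(g.key),          # still 32 bytes of key material
        "still_produces": len(g.generate(32)) == 32,
    }


if __name__ == "__main__":
    # Constructed 32-byte seed; a real generator seeds from os.urandom or
    # the kernel's entropy sources.
    seed = b"constructed 32-byte seed value!!"
    print(drain_attempt(seed, 4 * 1024 * 1024))
    print(Generator(os.urandom(32)).generate(16).hex())
```

Two generators started from the same seed produce identical streams, which is what "deterministic once seeded" means; two started from different seeds diverge immediately, and no sequence of reads moves a generator into a weaker state.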