From: RW
To: freebsd-security@freebsd.org
Date: Wed, 5 Sep 2012 02:12:48 +0100
Subject: Re: svn commit: r239598 - head/etc/rc.d
Message-ID: <20120905021248.5a17ace9@gumby.homeunix.com>
In-Reply-To: <50468326.8070009@FreeBSD.org>

On Tue, 04 Sep 2012 15:39:34 -0700
Doug Barton wrote:

> and given what Yarrow does to
> obfuscate the internal entropy state I'm not confident that hashing
> the input is either necessary or desirable.

All of the low-grade entropy should go through sha256.

Anything written into /dev/random is passed by random_yarrow_write() 16 bytes at a time into random_harvest_internal() which copies it into a buffer and queues it up. If there are 256 buffers queued random_harvest_internal() simply returns without doing anything.

The yarrow kernel thread moves all of the entropy queues into a local queue, processes that queue and then pauses for 100ms and loops. That means that each time around the loop only a maximum of 4096 bytes can be processed. Anything after that is discarded.

It seems very likely that /entropy is completely discarded most of the time, which means that the first 4096 bytes of "ps -fauxww ; sysctl -a" is the only entropy that makes it through to yarrow, and that's practically nothing.

On a sufficiently fast system the entropy buffers may still be saturated when rc.d/random runs, so in theory they could be lost too. And embedded doesn't necessarily imply slow.

I'm not overly concerned about this because anything that doesn't generate enough entropy naturally increasingly tends to have a hardware generator, but it's easy to fix it, so it should be fixed.
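
The queue behaviour described in the message, as an added example that is not part of the original post and is not FreeBSD kernel code: a toy model with the 16-byte chunks and 256-buffer limit quoted above, comparing raw writes with writes that are first reduced through SHA-256. The class and function names, the sample inputs, the assumption that all writes land inside one 100 ms window, and the choice to hash each stream separately are all assumptions made for illustration.

```python
import hashlib

CHUNK = 16        # bytes handed to random_harvest_internal() per call (from the message)
MAX_QUEUED = 256  # queued buffers beyond which input is silently dropped
                  # 256 * 16 = 4096 bytes per 100 ms pass of the kernel thread

class HarvestModel:
    """Toy model of the queueing described above; not FreeBSD kernel code."""

    def __init__(self):
        self.queue, self.accepted, self.dropped = [], b"", 0

    def write(self, data):
        # A write is split into 16-byte chunks; a full queue discards the chunk.
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            if len(self.queue) >= MAX_QUEUED:
                self.dropped += len(chunk)
            else:
                self.queue.append(chunk)

    def drain(self):
        # One pass of the kernel thread: everything queued is processed.
        self.accepted += b"".join(self.queue)
        self.queue = []

def boot(streams, prehash):
    """Feed all streams inside one 100 ms window (assumed worst case), then drain."""
    model = HarvestModel()
    for s in streams:
        model.write(hashlib.sha256(s).digest() if prehash else s)
    model.drain()
    return model

# Constructed sample inputs: 6000 bytes standing in for "ps -fauxww ; sysctl -a"
# output, and two different 4096-byte saved /entropy files.
PS_OUTPUT = (b"root 1 0.0 /sbin/init\n" * 300)[:6000]
ENTROPY_A = hashlib.sha256(b"constructed boot A").digest() * 128
ENTROPY_B = hashlib.sha256(b"constructed boot B").digest() * 128

if __name__ == "__main__":
    for prehash in (False, True):
        a = boot([PS_OUTPUT, ENTROPY_A], prehash)
        b = boot([PS_OUTPUT, ENTROPY_B], prehash)
        print(f"prehash={prehash}: accepted={len(a.accepted)} dropped={a.dropped} "
              f"entropy file changes what reaches yarrow: {a.accepted != b.accepted}")
```

In the raw case the two boots queue identical bytes even though their saved entropy files differ, because the file is written after the queue is already full; with pre-hashing, each stream shrinks to two chunks and nothing is dropped.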