From owner-freebsd-hackers@freebsd.org Fri Jul 13 13:51:54 2018 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 94652103D18C for ; Fri, 13 Jul 2018 13:51:54 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from outbound1b.ore.mailhop.org (outbound1b.ore.mailhop.org [54.200.247.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1F70C86CBE for ; Fri, 13 Jul 2018 13:51:54 +0000 (UTC) (envelope-from ian@freebsd.org) X-MHO-RoutePath: aGlwcGll X-MHO-User: e160cb0e-86a3-11e8-8837-614b7c574d04 X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [67.177.211.60]) by outbound1.ore.mailhop.org (Halon) with ESMTPSA id e160cb0e-86a3-11e8-8837-614b7c574d04; Fri, 13 Jul 2018 13:51:46 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id w6DDpiau044324; Fri, 13 Jul 2018 07:51:44 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: <1531489904.66719.43.camel@freebsd.org> Subject: Re: Limits to seeding /dev/random | random(4) From: Ian Lepore To: cem@freebsd.org, Dirk-Willem van Gulik Cc: "freebsd-hackers@freebsd.org" Date: Fri, 13 Jul 2018 07:51:44 -0600 In-Reply-To: References: <3A988D26-7B08-4301-8176-B0ED8A559420@webweaving.org> <1531317515.66719.20.camel@freebsd.org> <20180712165751.1e5b8e24@gumby.homeunix.com> <7C42CD28-078F-4AF6-90F2-5E951F8386D5@webweaving.org> <55685C1F-4711-40C7-8EB4-2930BF8C9884@webweaving.org> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.18.5.1 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jul 2018 13:51:54 -0000 On Thu, 2018-07-12 at 11:40 -0700, Conrad Meyer wrote: > Identical results are very troubling.  Maybe your readonly > filesystems > contain a static "entropy" file that is being fed in every boot (with > identical contents)?  If so, you definitely want to remove that > during > image generation.  That, in tandem with few other sources of entropy, > could explain identical results. I have been reporting for years that certain kinds of embedded systems lead to zero entropy available at boot, including the fact that the kernel's attempt to harvest entropy from things such as device attach timings and so forth are, in some situations, completely ineffective and yield numbers that are identical from one boot to the next. I even posted logs of it happening years ago. Still, people just find the whole idea of this sort of reproducibility so gut-level counter- intuitive that they dismiss and deny it. It happens. Embedded systems are a different world, and if entropy is important, sometimes we have to go out of our way to provide some. -- Ian