Date:      Sun, 02 Nov 2014 06:22:59 -0700
From:      Ian Lepore <ian@FreeBSD.org>
To:        Mark R V Murray <mark@grondar.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Dag-Erling Smørgrav <des@FreeBSD.org>
Subject:   Re: svn commit: r273958 - head/sys/dev/random
Message-ID:  <1414934579.17308.248.camel@revolution.hippie.lan>
In-Reply-To: <720EB74E-094A-43F3-8B1C-47BC7F6FECC3@grondar.org>
References:  <201411020201.sA221unt091493@svn.freebsd.org> <720EB74E-094A-43F3-8B1C-47BC7F6FECC3@grondar.org>

On Sun, 2014-11-02 at 09:45 +0000, Mark R V Murray wrote:
> Hi DES,
>
> I'm scared witless of this being on-by-default, for the reason given in the removed comment. I'd much prefer to see it only turned on if a kernel option is set, and the embedded folks /et al/ can use that.
>
> Please reinstate the #ifdef RANDOM_AUTOSEED, and set a kernel option to turn it on. Please also leave the comment; summarily turning on an unprepared generator is not going to be obvious to anyone but an attacker.
>
> Moving the point of the auto-firstseed to where is good, thanks.
>
> M
>

To give you some idea of how usable this new stuff is on a system that
isn't an x86 server or someone's desktop or laptop... after commenting
out the postrandom so that a board would at least boot (but before DES'
resend change), I left a board sitting idle at the login prompt.  It was
somewhere between 40 minutes and an hour before I saw this:

FreeBSD/arm (rpi) (ttyu0)

login: random: reseed - fast - thresh 96,1 -  0 48 0 0 0 130 0 0 620 0 0 0 0 0 0 0 0 0 0 0
random: reseed - slow - thresh 128,2 -  0 44 0 0 0 130 0 0 619 0 0 0 0 0 0 0 0 0 0 0
random: unblocking device.

Securing a system against some theoretical attack has value only to the
point where the system is no longer usable at all.  At that point you
kind of have to declare the attacker the winner, and he didn't even have
to actually launch an attack.

-- Ian

> > On 2 Nov 2014, at 02:01, Dag-Erling Smørgrav <des@FreeBSD.org> wrote:
> >
> > Author: des
> > Date: Sun Nov  2 02:01:55 2014
> > New Revision: 273958
> > URL: https://svnweb.freebsd.org/changeset/base/273958
> >
> > Log:
> >  Restore the auto-reseed logic, but move it to a much later point,
> >  immediately before kick_init.
> >
> >  Approved by:	so (self)
> >
> > Modified:
> >  head/sys/dev/random/random_adaptors.c
> >  head/sys/dev/random/yarrow.c
> >
> > Modified: head/sys/dev/random/random_adaptors.c
> > ==============================================================================
> > --- head/sys/dev/random/random_adaptors.c	Sun Nov  2 01:47:27 2014	(r=
273957)
> > +++ head/sys/dev/random/random_adaptors.c	Sun Nov  2 02:01:55 2014	(r=
273958)
> > @@ -447,30 +447,8 @@ random_adaptors_deinit(void)
> > }
> >=20
> > /*
> > - * First seed.
> > - *
> > - * NB! NB! NB!
> > - * NB! NB! NB!
> > - *
> > - * It turns out this is bloody dangerous. I was fiddling with code e=
lsewhere
> > - * and managed to get conditions where a safe (i.e. seeded) entropy =
device should
> > - * not have been possible. This managed to hide that by unblocking t=
he device anyway.
> > - * As crap randomness is not directly distinguishable from good rand=
omness, this
> > - * could have gone unnoticed for quite a while.
> > - *
> > - * NB! NB! NB!
> > - * NB! NB! NB!
> > - *
> > - * Very luckily, the probe-time entropy is very nearly good enough t=
o cause a
> > - * first seed all of the time, and the default settings for other en=
tropy
> > - * harvesting causes a proper, safe, first seed (unblock) in short o=
rder after that.
> > - *
> > - * That said, the below would be useful where folks are more concern=
ed with
> > - * a quick start than with extra paranoia in a low-entropy environme=
nt.
> > - *
> > - * markm - October 2013.
> > + * Reseed the active adaptor shortly before starting init(8).
> >  */
> > -#ifdef RANDOM_AUTOSEED
> > /* ARGSUSED */
> > static void
> > random_adaptors_seed(void *unused __unused)
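Review bot: The replacement comment above random_adaptors_seed() ("Reseed the active adaptor shortly before starting init(8)") drops the one fact the removed block made explicit, that this path unblocks the device even when a properly seeded state has not been reached, and with "#ifdef RANDOM_AUTOSEED" removed the function is now built unconditionally. Keep a short warning to that effect in the new comment, and consider retaining a kernel option or tunable so that forcing the first seed is an explicit choice rather than the default.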
> > @@ -484,6 +462,5 @@ random_adaptors_seed(void *unused __unus
> >=20
> > 	arc4rand(NULL, 0, 1);
> > }
> > -SYSINIT(random_seed, SI_SUB_INTRINSIC_POST, SI_ORDER_LAST,
> > -    random_adaptors_reseed, NULL);
> > -#endif /*  RANDOM_AUTOSEED */
> > +SYSINIT(random_seed, SI_SUB_KTHREAD_INIT, SI_ORDER_FIRST,
> > +    random_adaptors_seed, NULL);
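Review bot: The new SYSINIT placement (SI_SUB_KTHREAD_INIT, SI_ORDER_FIRST) carries an ordering requirement that is explained only in the commit log ("immediately before kick_init") and not in the code. Add a comment next to the SYSINIT stating why this subsystem and order were chosen, so a later reshuffle of SYSINIT ordering does not silently move the forced reseed done by "arc4rand(NULL, 0, 1);" to a different point in boot.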
> >
> > Modified: head/sys/dev/random/yarrow.c
> > ==============================================================================
> > --- head/sys/dev/random/yarrow.c	Sun Nov  2 01:47:27 2014	(r273957)
> > +++ head/sys/dev/random/yarrow.c	Sun Nov  2 02:01:55 2014	(r273958)
> > @@ -508,7 +508,9 @@ void
> > random_yarrow_reseed(void)
> > {
> >=20
> > +	mtx_lock(&random_reseed_mtx);
> > 	reseed(SLOW);
> > +	mtx_unlock(&random_reseed_mtx);
> > }
> >=20
> > int
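Review bot: random_yarrow_reseed() now takes random_reseed_mtx around reseed(SLOW), but nothing in the hunk documents the locking contract for callers. Add a comment saying the function must be called without random_reseed_mtx held, or place an "mtx_assert(&random_reseed_mtx, MA_NOTOWNED);" before the lock so that a caller already holding the mutex is caught on an INVARIANTS kernel instead of deadlocking or recursing.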
> >
>
