From owner-freebsd-security@FreeBSD.ORG Mon Sep 3 00:31:27 2012
Date: Mon, 3 Sep 2012 01:31:20 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Message-ID: <20120903013120.262a34fc@gumby.homeunix.com>
In-Reply-To: <20120903005708.7082f230@gumby.homeunix.com>
References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903005708.7082f230@gumby.homeunix.com>
Subject: Re: svn commit: r239569 - head/etc/rc.d
List-Id: "Security issues [members-only posting]"

On Mon, 3 Sep 2012 00:57:08 +0100
RW wrote:

> On Sun, 02 Sep 2012 15:20:31 -0700
> Doug Barton wrote:
>
> > On 08/22/2012 11:43, David E. O'Brien wrote:
> > > Author: obrien
> > > Date: Wed Aug 22 18:43:21 2012
> > > New Revision: 239569
> > > URL: http://svn.freebsd.org/changeset/base/239569
> > >
> > > Log:
> > >   Remove old entropy seeding after consumption
> > >   initializing /dev/random PRNG. Not doing so opens us up to replay
> > >   attacks.
> >
> > I object to this change, and would like to see it discussed more.
>
> No entropy file is effectively equivalent to a known file and anything
> is better than that. Simply writing out a new version of /entropy
> would be better.
>
> The more significant problem is that initrandom dumps some very
> low-grade entropy into /dev/random before the entropy file (see
> below). Since /dev/random has very limited buffering, and processes
> the buffers in a timed loop, it's almost certain that the first
> entropy file is completely discarded. IMO the order should be
> reversed or the low-grade stuff should be piped through sha256.

I see that in CURRENT the order is reversed, but it's still repeating the same problem of saturating the buffers. Now most of the low-grade entropy is going to be lost, including the date, which in almost all cases would have eliminated any problem with a reused entropy file.
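As an added illustration of the two remedies RW suggests in this message (rewrite the seed file instead of deleting it, and condition the low-grade material through sha256 so a single digest reaches the device rather than a flood of raw data), here is a small POSIX sh sketch. It is not FreeBSD's rc.d code and not part of this thread; the function names, the seed-file and device arguments, the 4096-byte default seed size, and the use of `sha256sum` (coreutils) or `sha256(1)` (FreeBSD) are all assumptions of the example.

```shell
#!/bin/sh
# Added example, not FreeBSD's rc.d code: seed a PRNG device from a stored
# entropy file, replace that file rather than deleting it, and feed
# low-grade material only as one SHA-256 digest.

# Print the SHA-256 hex digest of stdin. Prefers coreutils sha256sum,
# falls back to FreeBSD's sha256(1) in quiet mode.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        sha256 -q
    fi
}

# Condition low-grade material: concatenate all arguments (one per line)
# and hash them to a single 32-byte digest. Whatever unpredictability the
# inputs hold is preserved, but only one block reaches the device, so a
# small buffer is not saturated by kilobytes of low-value data.
condition_low_grade() {
    printf '%s\n' "$@" | sha256_hex
}

# Consume the stored seed file into the random device, then write a fresh
# seed in its place instead of removing it. A missing file is equivalent
# to a known seed; a rewritten file cannot be replayed on the next boot.
#   $1 = seed file path   $2 = random device   $3 = seed size (bytes)
reseed_entropy_file() {
    seedfile=$1; rnd=$2; size=${3:-4096}
    if [ -f "$seedfile" ]; then
        cat "$seedfile" > "$rnd" || return 1
    fi
    # Write the replacement under umask 077 to a temp name, then rename,
    # so a crash never leaves a truncated or world-readable seed behind.
    tmp="$seedfile.tmp.$$"
    old_umask=$(umask); umask 077
    head -c "$size" "$rnd" > "$tmp" || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    mv "$tmp" "$seedfile"
}

# Boot-time sequence in the order RW argues for: the high-value seed file
# first, then the conditioned low-grade digest (date, uptime) afterwards.
#   $1 = seed file path   $2 = random device
boot_seed() {
    reseed_entropy_file "$1" "$2" || return 1
    condition_low_grade "$(date)" "$(uptime)" > "$2"
}
```

Run as root, `boot_seed /var/db/entropy /dev/random` (paths are placeholders) would consume the old seed, atomically replace it with a mode-0600 file of fresh output, and then write a single 64-character digest of the date and uptime rather than the raw dumps. The digest step is the part that addresses the buffering complaint: the device sees one small write whose content still depends on every low-grade input.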