Date: Tue, 1 Mar 2005 21:11:51 -0800
From: "Loren M. Lang" <lorenl@alzatex.com>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: /dev/io , /dev/mem : only used by Xorg?
Message-ID: <20050302051151.GC30896@alzatex.com>
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNEEJDFAAA.tedm@toybox.placo.com>
References: <20050228124023.GH1672@alzatex.com> <LOBBIFDAGNMAMLGJJCKNEEJDFAAA.tedm@toybox.placo.com>
On Mon, Feb 28, 2005 at 04:58:02AM -0800, Ted Mittelstaedt wrote:
> 
> 
> > -----Original Message-----
> > From: Loren M. Lang [mailto:lorenl@alzatex.com]
> > Sent: Monday, February 28, 2005 4:40 AM
> > To: Ted Mittelstaedt
> > Cc: Kris Kennaway; Rob; FreeBSD questions
> > Subject: Re: /dev/io , /dev/mem : only used by Xorg?
> > 
> > 
> > On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote:
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: Kris Kennaway [mailto:kris@obsecurity.org]
> > > > Sent: Monday, February 28, 2005 2:58 AM
> > > > To: Ted Mittelstaedt
> > > > Cc: Rob; FreeBSD questions
> > > > Subject: Re: /dev/io , /dev/mem : only used by Xorg?
> > > > 
> > > > 
> > > > On Mon, Feb 28, 2005 at 01:32:26AM -0800, Ted Mittelstaedt wrote:
> > > > 
> > > > > Instead, they are part of the kernel itself.
> > > > > 
> > > > > All the /dev files are, /dev/random, /dev/ad0 and so on, are simple
> > > > > files that take up only a few bytes of space. They are convenient
> > > > > "hook points" to use to get to these devices. That is, when a program
> > > > > accesses /dev/random, it isn't actually opening that file. Instead,
> > > > > the kernel intercepts that call and supplies the program opening
> > > > > that device with the output of the actual device.
> > > > > 
> > > > > This is why these device files are created with the mknod utility,
> > > > > rather than just copying a file to /dev/random - since doing that is
> > > > > accessing the device, not creating the device file.
> > > > > 
> > > > > So, deleting these /dev devices saves you practically no space at
> > > > > all, and does not in fact delete the devices - it only deletes the
> > > > > access point to them. The devices are still there in the kernel.
> > > > 
> > > > No, in 5.x the device nodes are created automatically by devfs and
> > > > only appear in /dev by default if support is enabled in the kernel.
> > > 
> > > Ah, yes I wasn't paying attention, he did say 5. I stopped paying
> > > attention after reading that he was wanting to remove /dev/random.
> > > 
> > > > As the original poster discussed, /dev/io, /dev/mem and /dev/random
> > > > are optional components of the 5.x kernel, although as I replied, the
> > > > situations in which one would not want to include them are limited.
> > > > 
> > > 
> > > Actually, recompiling openssl to use a prng daemon instead of the random
> > > device will probably improve your ssh security - unless they have greatly
> > > improved the entropy generation in the random device in 5.X
> > 
> > Is the /dev/random on FreeBSD really this bad?
> 
> Yes - there are some random testing suites on the Internet, find a
> few and compile them. (ENT for example) Run them repeatedly and see what
> happens.
> 
> Part of the problem is that BY DEFAULT the random device DOES NOT
> look at interrupts. See the man page for rndcontrol. Presumably
> the system admin of the system knows this and looks at his dmesg
> output to see which irq's are assigned to network cards and hard
> disks (which are fairly good sources of randomness) and sets the
> random device to use these. In practice this isn't something mentioned
> in the install docs so it is very unlikely many people know.

I don't seem to have rndcontrol on 5.3, is that an old command?

> 
> Another strange thing is that /dev/random should block when it
> runs out of entropy - it doesn't seem to do so, however. And the
> device doesn't seem to gain entropy that quickly.

Then how does /dev/random differ from /dev/urandom?

> 
> > I thought it should be
> > better since it can gather entropy from all over the kernel like
> > interrupts. I'm pretty sure I read that Linux's /dev/random was far
> > superior to prng and I'd expect FreeBSD to be the same unless someone
> > was lazy in implementing it or there is some major security hole in it.
> > 
> 
> The FreeBSD random device is a port of the same Linux code.

I'm pretty sure that the Linux code is GPLed, and I'd expect that FreeBSD
uses a BSD version. Are they actually from the same code?

> 
> Interestingly enough, Sun's Solaris x86 random driver sucks too in the
> same way, runs out of entropy quickly and doesn't recharge that rapidly.
> 
> There's a couple of people who have written prngs which they claim are far
> superior to the random devices. Do a search and you will run across
> them.

Every doc I've heard of using prng on Linux always suggests that the
native entropy source is better? Is this because the Linux version has
better hooks in the kernel and always uses interrupts as a source?

> 
> An excellent random device would be a portable fm radio tuned to in between
> stations and feeding the mic input of a soundcard. That's what you use when
> you don't want NSA's supercomputers breaking your keys. ;-) But of course if
> you pulled entropy out of that too fast, you would run into the speed
> limitations of the D/A converter in the soundcard input.
> 
> Ted

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2
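The thread suggests running a suite such as ENT against the random device and notes that /dev/random "should block when it runs out of entropy". The script below is an added example, not code from the thread or from FreeBSD or ENT: it reimplements the four ENT-style statistics that matter most for a quick sanity check (entropy per byte, chi-square against a uniform byte distribution, arithmetic mean, Monte Carlo pi) and reads the device with O_NONBLOCK so a device that does block returns a short sample instead of hanging the check. The device path, the 64 KiB sample size and the red-flag thresholds in `suspicious()` are this example's assumptions.

```python
"""ENT-style sanity statistics for a byte source (added example, not from the thread).

Approximates what the ENT suite reports so /dev/random or /dev/urandom output
can be eyeballed without installing anything. Thresholds, sample size and the
non-blocking read are this example's own assumptions.
"""
import math
import os
from collections import Counter


def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 means all 256 values are equally likely."""
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform distribution over 256 byte values (255 d.o.f.)."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def arithmetic_mean(data: bytes) -> float:
    """Mean byte value; 127.5 is expected for uniform bytes."""
    return sum(data) / len(data)


def monte_carlo_pi(data: bytes) -> float:
    """Estimate pi from 24-bit (x, y) pairs in the unit square, the way ENT does."""
    inside = total = 0
    for i in range(0, len(data) - 5, 6):
        x = int.from_bytes(data[i:i + 3], "big") / 0xFFFFFF
        y = int.from_bytes(data[i + 3:i + 6], "big") / 0xFFFFFF
        total += 1
        if x * x + y * y <= 1.0:
            inside += 1
    return 4.0 * inside / total if total else float("nan")


def analyze(data: bytes) -> dict:
    """Collect all four statistics for a sample."""
    if not data:
        raise ValueError("empty sample")
    return {
        "bytes": len(data),
        "entropy_bits_per_byte": shannon_entropy_bits_per_byte(data),
        "chi_square": chi_square(data),
        "mean": arithmetic_mean(data),
        "monte_carlo_pi": monte_carlo_pi(data),
    }


def suspicious(stats: dict) -> list:
    """Rough red flags; thresholds are assumptions tuned for a sample of about 64 KiB."""
    reasons = []
    if stats["entropy_bits_per_byte"] < 7.9:
        reasons.append("entropy well below 8 bits/byte")
    # With 255 degrees of freedom a uniform source lands near 255; ~330 is roughly p < 0.001.
    if stats["chi_square"] > 330:
        reasons.append("chi-square far above the 255 expected for uniform bytes")
    if abs(stats["mean"] - 127.5) > 2.0:
        reasons.append("mean byte value far from 127.5")
    if abs(stats["monte_carlo_pi"] - math.pi) > 0.1:
        reasons.append("Monte Carlo pi estimate far from pi")
    return reasons


def read_device(path: str = "/dev/urandom", nbytes: int = 64 * 1024) -> bytes:
    """Read up to nbytes with O_NONBLOCK, so a device that blocks for lack of
    entropy returns a short sample instead of hanging the check."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    chunks = []
    got = 0
    try:
        while got < nbytes:
            try:
                chunk = os.read(fd, nbytes - got)
            except BlockingIOError:
                break  # device has no entropy to hand out right now
            if not chunk:
                break
            chunks.append(chunk)
            got += len(chunk)
    finally:
        os.close(fd)
    return b"".join(chunks)


if __name__ == "__main__":
    import sys
    device = sys.argv[1] if len(sys.argv) > 1 else "/dev/urandom"
    sample = read_device(device)
    stats = analyze(sample)
    for key, value in stats.items():
        print(f"{key}: {value}")
    print("flags:", suspicious(stats) or "none")
```

Run it as `python3 entcheck.py /dev/random` and again for `/dev/urandom`; a sample that comes back much shorter than 64 KiB is the blocking behaviour the thread is asking about, and any entry in `flags` on a full-size sample is worth following up with a real test suite. Note that these statistics only catch gross bias: a deterministic PRNG with a fixed seed passes all four, so they say nothing about whether the seed material was unpredictable.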
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050302051151.GC30896>