Date: Fri, 06 Oct 2017 00:45:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 222807] PURE entropy sources are harvested but not mixed in. Also, min-entropy low per SP800-90B measurements Message-ID: <bug-222807-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222807 Bug ID: 222807 Summary: PURE entropy sources are harvested but not mixed in. Also, min-entropy low per SP800-90B measurements Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: badfilemagic@gmail.com Created attachment 186932 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D186932&action= =3Dedit patche that enable "pure" entropy sources such as RDRND to actually be mixed At vBSDCon, JMG and I co-presented a talk on an entropy analysis and audit = on /dev/random that we conducted out of mutual interest. In the course of our work, we found the following: * so-called "PURE" sources of entropy, such as RDRND on Intel chips, are harvested however the results of the harvest are never mixed in due to the harvest mask bit never being set, with no way to set it. * Conducting an SP800-90B entropy analysis on the non-IID track for non-whitened entropy (the data fed into randomdev_hash_iterate, essentially= ), min-entropy is rather low because of a) the trng sources weren't being mixe= d, and b) there is a lot of repeat and predictable garbage that is of no value= in the harvest_event structure, especially for events with only 4 bytes worth = of data from their source in the he_entropy field. Attached are patches which correct these two issues. They are from work done downstream with the HardenedBSD team and have been tested. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-222807-8>