Date: Wed, 12 Sep 2012 10:45:47 +0100
From: RW
To: obrien@freebsd.org
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120912104547.1d0061c1@gumby.homeunix.com>
In-Reply-To: <20120911082309.GD72584@dragon.NUXI.org>

On Tue, 11 Sep 2012 01:23:09 -0700
David O'Brien wrote:

> > On 09/10/2012 23:46, David O'Brien wrote:
> > > In what way did I suggest we don't need to seed the PRNG?
> > > I simply removed an outdated and incorrect statement.
> >
> > Yes, the comment as it stood was out of date. I'm not sure that
> > removing it (rather than rephrasing it) was the right call.
>
> Doug you're a FreeBSD committer, you know how to use an editor and
> 'svn diff'. Where is your patch suggesting a rephrase?
>
>
> > > In fact writing into /dev/random CANNOT "seeded" yarrow.
> > > All /dev/random input is untrusted and is assumed to have _0_
> > > entropy:
> > >
> > > void
> > > random_yarrow_write(void *buf, int count)
> > > {
> > > ...
> > >     random_harvest_internal(get_cyclecount(), (char *)buf + i,
> > >         chunk, 0, 0, RANDOM_WRITE);
> >
> > You're taking that out of context. The 0 there is just an estimate,
> > but it's added to the tailq anyway.
>
> Yes the input written to /dev/random is put into the generator
> (provided you have the seed buffer space).
>
> The "0, 0" is the 'bits' and 'frac' argument to
> random_harvest_internal(), which become 'event->bits' and
> 'event->frac'. Follow the code from there and point out how I am
> wrong.
>

It doesn't make any difference. When root closes the device, a forced
slow reseed is done (after the yarrow thread completes feeding the data
into yarrow). Since this is unconditional and clears the entropy
accounting, the entropy estimate is irrelevant to rc.d/, which runs as
root.

The entropy is estimated at zero bits so that an *unprivileged* user
can't feed in his own input, corrupt the entropy estimation and perform
a state-extension attack.


On Tue, 11 Sep 2012 00:12:06 -0700
Doug Barton wrote:

> I'm also tired of repeating why writing out a new /entropy file at
> boot time makes the system weaker, not stronger.

That's not really true. The entropy file contains up to 256 bits of
entropy; if yarrow is correctly seeded with that, then that entropy will
be in the 256-bit key, which will produce a new file that also contains
that entropy.
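
The argument in the message above, as an added example that is not part of the original post and is not FreeBSD's code: a simplified single-pool model showing that a zero-credited write is still mixed in, never triggers a reseed by itself, and reaches the key only through the forced reseed on root close. `ToyYarrow`, `THRESHOLD_BITS`, `boot`, the SHA-256 construction and the sample seeds are all assumptions of this sketch.

```python
import hashlib

THRESHOLD_BITS = 256  # assumed reseed threshold, not a FreeBSD constant
SEED_A = bytes(range(32))      # constructed sample entropy files
SEED_B = bytes(range(32, 64))

class ToyYarrow:
    """Simplified single-pool model (an assumption; not the kernel's code)."""
    def __init__(self):
        self.pool = hashlib.sha256()
        self.estimate = 0        # entropy bits credited to the pool
        self.key = bytes(32)     # 256-bit generator key
        self.counter = 0
        self.reseeds = 0

    def harvest(self, data, bits):
        # Data is always mixed in; `bits` only moves the estimate.
        self.pool.update(data)
        self.estimate += bits
        if self.estimate >= THRESHOLD_BITS:
            self.reseed()

    def reseed(self):
        # New key depends on the old key and everything harvested so far.
        self.key = hashlib.sha256(self.key + self.pool.digest()).digest()
        self.pool = hashlib.sha256()
        self.estimate = 0        # clears the entropy accounting
        self.reseeds += 1

    def write(self, data):
        self.harvest(data, 0)    # device writes are credited zero bits

    def close(self, is_root):
        if is_root:              # forced reseed, whatever the estimate says
            self.reseed()

    def read(self, n):
        out = b""
        while len(out) < n:
            self.counter += 1
            block = self.key + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
        return out[:n]

def boot(seed_file, is_root=True):
    """Write a saved entropy file, close the device, read the next file."""
    gen = ToyYarrow()
    gen.write(seed_file)
    gen.close(is_root)
    return gen, gen.read(len(seed_file))
```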