Date: Mon, 17 Sep 2012 22:20:49 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Mark Murray <markm@FreeBSD.org> Cc: Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, Doug Barton <dougb@freebsd.org>, Ben Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com> Subject: Re: Proposed fix; stage 1 (Was: svn commit: r239569 - head/etc/rc.d) Message-ID: <20120917202049.GC1420@garage.freebsd.pl> In-Reply-To: <E1TDHb0-000FIh-0Z@groundzero.grondar.org> References: <CAG5KPzzRxzVX-%2B9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com> <E1TCbSz-0007CJ-BI@groundzero.grondar.org> <CAG5KPzyJNmXRfxtPPrdc2zVCsxGtDfJT79YC3a1PNUfOOSzt8A@mail.gmail.com> <E1TCcIq-000Brr-Ex@groundzero.grondar.org> <CAG5KPzwEESg7iUb2%2B-kAN%2Bk55M95BZjh5VaSvxzSsSCVuZ9kMw@mail.gmail.com> <E1TCdlD-000C1N-4g@groundzero.grondar.org> <CAG5KPzzFO1H5Wcx34oXi09=aJqg5w%2BXWSd8fnn0Byvpy_8%2B-rA@mail.gmail.com> <E1TCpk1-000N2H-Vq@groundzero.grondar.org> <CAG5KPzymZY0ua2cAkzB-MK54G2WbWYi9J01c8YW4F9LOdVvc9A@mail.gmail.com> <E1TDHb0-000FIh-0Z@groundzero.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--MAH+hnPXVZWQ5cD/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 16, 2012 at 05:21:21PM +0100, Mark Murray wrote: > Hi >=20 > Part 1 of the fix is enclosed; it involves drastically shortening the > input into /dev/random (the "kickstart") at boot time. There are time > implications that I'd like to hear any objections to. >=20 > Part 1a is going to be tweeks to stashing entropy at restart > (and possibly during normal running). Also fixes to zero-entropy > first-startup. >=20 > Part 2 will be a cheap shortening of files during reading so as not > to clog up the harvest queue. The harvest queue will always be a bit > intolerant of excess input via this route, so this should help a lot. >=20 > Part 3 will be the addition of another choice of software PRNG; > Fortuna. Fortuna is MUCH more resilient to attack, at the expense > of using more kernel memory. For modern machines, this is scarcely > noticeable, but it could be bad for embedded units. >=20 > Tweeks along the way may include reverting to the original intent of > starting the PRNG blocked, and only unblocking once reseeded. >=20 > M > -- > Mark R V Murray > Pi: 132511160 > Index: initrandom > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- initrandom (revision 240384) > +++ initrandom (working copy) > @@ -23,15 +23,12 @@ > =20 > better_than_nothing() > { > - # XXX temporary until we can improve the entropy > - # harvesting rate. > # Entropy below is not great, but better than nothing. > # This unblocks the generator at startup > # Note: commands are ordered to cause the most variance across reboots. > - ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \ > - | dd of=3D/dev/random bs=3D8k 2>/dev/null > - /sbin/sha256 -q `sysctl -n kern.bootfile` \ > - | dd of=3D/dev/random bs=3D8k 2>/dev/null > + for cmd in "kenv" "dmesg" "df -ib" "ps -fauxww" "date" "sysctl -ao" "ne= tstat -arn" "fstat" ; do > + ${cmd}| sha256 > /dev/random > + done I'd much prefer to just use sha512 here and also add -b to sysctl. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --MAH+hnPXVZWQ5cD/ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBXhiAACgkQForvXbEpPzRENACfebpDcZizqdvOcJhMXXdFZdBB QYAAn3zov0IRIJ3TDJ5gQSd1gE7Afwlo =s/8t -----END PGP SIGNATURE----- --MAH+hnPXVZWQ5cD/--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120917202049.GC1420>