Date: Mon, 17 Sep 2012 22:20:49 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Mark Murray <markm@FreeBSD.org> Cc: Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, Doug Barton <dougb@freebsd.org>, Ben Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com> Subject: Re: Proposed fix; stage 1 (Was: svn commit: r239569 - head/etc/rc.d) Message-ID: <20120917202049.GC1420@garage.freebsd.pl> In-Reply-To: <E1TDHb0-000FIh-0Z@groundzero.grondar.org> References: <CAG5KPzzRxzVX-%2B9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com> <E1TCbSz-0007CJ-BI@groundzero.grondar.org> <CAG5KPzyJNmXRfxtPPrdc2zVCsxGtDfJT79YC3a1PNUfOOSzt8A@mail.gmail.com> <E1TCcIq-000Brr-Ex@groundzero.grondar.org> <CAG5KPzwEESg7iUb2%2B-kAN%2Bk55M95BZjh5VaSvxzSsSCVuZ9kMw@mail.gmail.com> <E1TCdlD-000C1N-4g@groundzero.grondar.org> <CAG5KPzzFO1H5Wcx34oXi09=aJqg5w%2BXWSd8fnn0Byvpy_8%2B-rA@mail.gmail.com> <E1TCpk1-000N2H-Vq@groundzero.grondar.org> <CAG5KPzymZY0ua2cAkzB-MK54G2WbWYi9J01c8YW4F9LOdVvc9A@mail.gmail.com> <E1TDHb0-000FIh-0Z@groundzero.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--MAH+hnPXVZWQ5cD/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Sep 16, 2012 at 05:21:21PM +0100, Mark Murray wrote:
> Hi
>=20
> Part 1 of the fix is enclosed; it involves drastically shortening the
> input into /dev/random (the "kickstart") at boot time. There are time
> implications that I'd like to hear any objections to.
>=20
> Part 1a is going to be tweeks to stashing entropy at restart
> (and possibly during normal running). Also fixes to zero-entropy
> first-startup.
>=20
> Part 2 will be a cheap shortening of files during reading so as not
> to clog up the harvest queue. The harvest queue will always be a bit
> intolerant of excess input via this route, so this should help a lot.
>=20
> Part 3 will be the addition of another choice of software PRNG;
> Fortuna. Fortuna is MUCH more resilient to attack, at the expense
> of using more kernel memory. For modern machines, this is scarcely
> noticeable, but it could be bad for embedded units.
>=20
> Tweeks along the way may include reverting to the original intent of
> starting the PRNG blocked, and only unblocking once reseeded.
>=20
> M
> --
> Mark R V Murray
> Pi: 132511160
> Index: initrandom
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- initrandom (revision 240384)
> +++ initrandom (working copy)
> @@ -23,15 +23,12 @@
> =20
> better_than_nothing()
> {
> - # XXX temporary until we can improve the entropy
> - # harvesting rate.
> # Entropy below is not great, but better than nothing.
> # This unblocks the generator at startup
> # Note: commands are ordered to cause the most variance across reboots.
> - ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
> - | dd of=3D/dev/random bs=3D8k 2>/dev/null
> - /sbin/sha256 -q `sysctl -n kern.bootfile` \
> - | dd of=3D/dev/random bs=3D8k 2>/dev/null
> + for cmd in "kenv" "dmesg" "df -ib" "ps -fauxww" "date" "sysctl -ao" "ne=
tstat -arn" "fstat" ; do
> + ${cmd}| sha256 > /dev/random
> + done
I'd much prefer to just use sha512 here and also add -b to sysctl.
--=20
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
--MAH+hnPXVZWQ5cD/
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlBXhiAACgkQForvXbEpPzRENACfebpDcZizqdvOcJhMXXdFZdBB
QYAAn3zov0IRIJ3TDJ5gQSd1gE7Afwlo
=s/8t
-----END PGP SIGNATURE-----
--MAH+hnPXVZWQ5cD/--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120917202049.GC1420>