From owner-freebsd-rc@FreeBSD.ORG Mon Sep 3 20:35:12 2012
Date: Mon, 3 Sep 2012 13:35:05 -0700
From: Arthur Mesh
To: Doug Barton
Cc: freebsd-security@FreeBSD.org, freebsd-rc@FreeBSD.org, Mark Murray, "David E. O'Brien"
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120903203505.GN1464@x96.org>
In-Reply-To: <50450F2A.10708@FreeBSD.org>
References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903171538.GM1464@x96.org> <50450F2A.10708@FreeBSD.org>
List-Id: "Discussion related to /etc/rc.d design and implementation."

On Mon, Sep 03, 2012 at 01:12:26PM -0700, Doug Barton wrote:
> I didn't miss it. What postrandom does is delete all of the (by default)
> 8 files in /var/db/entropy that were the product of the previous boot's
> output. Then it re-generates /entropy, which was written out at the last
> shutdown, ideally after enough uptime for /dev/random to have been
> properly seeded, with a new file generated from a poorly seeded entropy
> pool as part of the boot process.

Yes, except /entropy is generated after /var/db/entropy/* and old /entropy
was fed into Yarrow. So I don't believe saying it's poorly seeded at that
point is fair. On next reboot /entropy will get re-written anyway.

> IMO both of those are bad ideas, and lower both the quantity and quality
> of the entropy available at the next boot, should that happen prior to
> the (again, by default) 88 minutes it takes for the system to update
> /var/db/entropy.

I believe this is better than what we have today, since it prevents a case
where the system crashes before the cronjob (that writes to saved-entropy.X)
gets to run at all. This patch reduces this window to a matter of a second
or so.

If you think quantity is very important here (which I don't believe is
true), I am fine with not deleting /var/db/entropy/* on boot (it doesn't
make things better or worse).

> > In the end, assuming machine boots up past postrandom script, we're left with
> > no stale seed files, but a freshly generated ${entropy_file_confirmed}, which
> > should be sufficient to seed next bootup.

> I understand how you're thinking about this, but unfortunately I'm quite
> certain your thinking is incorrect. As I pointed out in my last message,
> Yarrow is designed to cope with the possibility of replay attacks, and
> even with feeding in the same entropy files (after a short boot) the
> amount of new material we introduce at each boot fully alleviates this
> concern.

You could be correct about Yarrow, but Bruce Schneier explicitly
recommends recycling an already used seed with a new one. A reference is
provided in the code.

Also, our findings have shown that on some very low-end systems, these seed
files are pretty much the only source of entropy early during boot.

Moreover, we also uncovered other problems with the way things are consumed
by Yarrow via /dev/random. We will provide more details on our findings a
bit later.
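
The ordering argued for in this message (feed the saved seed to the generator, then replace it with a fresh one right away so that a crash shortly after boot does not leave the same seed to be reused) can be sketched as below. This is an added example, not the r239569 patch or FreeBSD's postrandom script; the function name `recycle_seed`, its arguments and the 4096-byte seed size are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration only; NOT the FreeBSD postrandom script or the r239569 patch.
# recycle_seed SEED_FILE SINK [SOURCE] [BYTES]   (all names are hypothetical)
#   SEED_FILE  saved seed, e.g. /entropy
#   SINK       where the old seed is fed, e.g. /dev/random
#   SOURCE     where the new seed is read from (default /dev/urandom)
#   BYTES      new seed size, a multiple of 512 (default 4096, an assumption)
recycle_seed() {
    seed=$1 sink=$2 src=${3:-/dev/urandom} bytes=${4:-4096}

    # 1. Feed the saved seed (if there is one) into the generator first, so
    #    the fresh seed written in step 2 already depends on it.
    if [ -s "$seed" ]; then
        cat "$seed" >> "$sink" || return 1
    fi

    # 2. Build the replacement in the same directory. mktemp creates the
    #    file with mode 0600, so the seed is never world-readable.
    tmp=$(mktemp "$(dirname "$seed")/.seed.XXXXXX") || return 1
    if ! dd if="$src" of="$tmp" bs=512 count=$((bytes / 512)) 2>/dev/null ||
       [ "$(wc -c < "$tmp" | tr -d ' ')" -ne "$bytes" ]; then
        rm -f "$tmp"        # short or failed read: keep the old seed
        return 1
    fi

    # 3. rename(2) is atomic, so a reader never sees a partially written seed.
    mv -f "$tmp" "$seed"
}

# Constructed demo in a scratch directory; a regular file stands in for the device.
demo=$(mktemp -d)
printf 'constructed-old-seed' > "$demo/entropy"
recycle_seed "$demo/entropy" "$demo/sink" &&
    echo "seed recycled: $(wc -c < "$demo/entropy" | tr -d ' ') bytes"
rm -rf "$demo"
```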