Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Jul 2000 12:08:31 -0400
From:      "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To:        Mark Murray <markm@FreeBSD.ORG>
Cc:        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/sys random.h src/sys/dev/randomdev  randomdev.cyarrow.c
Message-ID:  <39732F7F.2E5BAEC0@vangelderen.org>
References:  <200007171223.FAA85311@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Mark Murray wrote:
> 
> markm       2000/07/17 05:23:04 PDT
> 
>   Modified files:
>     sys/sys              random.h
>     sys/dev/randomdev    randomdev.c yarrow.c
>   Log:
>   Add randomness write functionality. This does absolutely nothing for
>   entropy estimation, but causes an immediate reseed after the input
>   (read in sizeof(u_int64_t) chunks) is "harvested".

Arbitrarily reseeding is bad in the case of Yarrow as it 
allows for iterative guessing attacks. This is precisely why 
this functionality is not described in the paper. Yarrow was 
designed to manage the reseeding itself just to prevent this 
kind of attack. 

You should definately run this kind of input trough the entropy 
estimation routines and have Yarrow decide to reseed. You are
writing 4096 bytes anyway (on bootup) so this will (barring 
serious bugs) trigger a reseed. If not, you just caught a bug
and the randomness device appears to not work. That's a good
thing.

I'd treat any bytes written to /dev/random as just another 
(untrustworthy) entropy source and subject them to a very
conservative (dynamic) entropy estimation.

>   This will be used in the reboot "reseeder", coming in another
>   commit. This can be used very effectively at any time you think
>   your randomness is compromised; something like
> 
>   # (ps -gauxwww; netstat -an; dmesg; vmstat -c10 1) > /dev/random
> 
>   will give the attacker something to think about.

If your entropy pool is compromised your attacker has root or
there is a serious bug in Yarrow. In both cases you will want
to take steps to prevent this from happening again...

Cheers,
Jeroen
-- 
Jeroen C. van Gelderen          o      _     _         _
jeroen@vangelderen.org  _o     /\_   _ \\o  (_)\__/o  (_)
                      _< \_   _>(_) (_)/<_    \_| \   _|/' \/
                     (_)>(_) (_)        (_)   (_)    (_)'  _\o_


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39732F7F.2E5BAEC0>