Date: Sun, 24 Jul 2005 11:34:06 -0700
From: Colin Percival <cperciva@freebsd.org>
To: Pawel Jakub Dawidek <pjd@freebsd.org>
Cc: Poul-Henning Kamp <phk@haven.freebsd.dk>, freebsd-security@freebsd.org
Subject: Re: cvs commit: src/games/fortune/fortune fortune.c
Message-ID: <42E3DF1E.9040405@freebsd.org>
In-Reply-To: <20050724181912.GO46538@darkness.comp.waw.pl>
References: <20050724135738.GM46538@darkness.comp.waw.pl> <64009.1122213962@phk.freebsd.dk> <20050724181912.GO46538@darkness.comp.waw.pl>

Pawel Jakub Dawidek wrote:
> On Sun, Jul 24, 2005 at 04:06:02PM +0200, Poul-Henning Kamp wrote:
> +> In message <20050724135738.GM46538@darkness.comp.waw.pl>, Pawel Jakub Dawidek writes:
> +> >We should probably test entropy quality on boot.
> +> >I've somewhere userland version of /sys/dev/rndtest/ which implements
> +> >FIPS140-2 tests for (P)RNGs. We can put it into rc.d/ and warn users.
> +>
> +> Anyway, back in this universe: We should not stick a lot of stuff into
> +> our boot-time scripts, they are slow enough already.
>
> I think such a tool will be still useful (even if not turned on by default),
> so one can turn it on when thinks it's needed:
> - on production machines,
> - on first start of rc.d/sshd (when your host keys are generated),
> - when you need to check if PRNG is the thing which makes your fortune
>   not to work properly (or instrument the user how to do it easily).

I think this would be more dangerous than valuable. "Most" failure modes
of modern PRNGs will result in output which is cryptographically predictable
but passes all known statistical tests. (To take a trivial example, the
sequence MD5(0), MD5(1), MD5(2) ... looks random, but obviously isn't.)

If we want to determine if the PRNG has been seeded properly, we should be
querying the kernel, not trying to distinguish between "random" and
"non-random" just based on its output.

Colin Percival
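
The MD5(0), MD5(1), MD5(2) ... example from the message above, worked through as an added illustration that is not part of the original e-mail or of any FreeBSD code: the stream passes the four FIPS 140-2 statistical tests on 20,000 bits, yet anyone who sees a single 16-byte block can compute the next one. The function names and the ASCII-decimal encoding of the counter are assumptions made for this sketch.

```python
import hashlib
from itertools import groupby

def md5_counter_stream(nbytes, start=0):
    """Constructed 'generator': MD5(0) || MD5(1) || ... (counter as ASCII decimal, an assumption)."""
    out = bytearray()
    i = start
    while len(out) < nbytes:
        out += hashlib.md5(str(i).encode()).digest()
        i += 1
    return bytes(out[:nbytes])

# Required run-count intervals from FIPS 140-2 (run lengths 1..5, then 6 and longer).
RUN_BOUNDS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def fips140_2(sample):
    """Run the four FIPS 140-2 statistical tests on a 2500-byte (20,000-bit) sample."""
    assert len(sample) == 2500
    bits = "".join(f"{b:08b}" for b in sample)
    ones = bits.count("1")
    # Poker test: chi-square-like statistic over the 5000 non-overlapping nibbles.
    freq = [0] * 16
    for i in range(0, 20000, 4):
        freq[int(bits[i:i + 4], 2)] += 1
    poker = 16 / 5000 * sum(f * f for f in freq) - 5000
    # Runs test: count runs of each length separately for zeros and ones.
    runs = {(v, n): 0 for v in "01" for n in RUN_BOUNDS}
    longest = 0
    for v, grp in groupby(bits):
        n = len(list(grp))
        longest = max(longest, n)
        runs[(v, min(n, 6))] += 1
    return {
        "monobit": 9725 < ones < 10275,
        "poker": 2.16 < poker < 46.17,
        "runs": all(RUN_BOUNDS[n][0] <= c <= RUN_BOUNDS[n][1] for (v, n), c in runs.items()),
        "long_run": longest < 26,
    }

def predict_next(observed_blocks):
    """Observer's view: recover the counter from one 16-byte output, then compute the next block."""
    last = observed_blocks[-1]
    i = next(i for i in range(1 << 20) if hashlib.md5(str(i).encode()).digest() == last)
    return hashlib.md5(str(i + 1).encode()).digest()

if __name__ == "__main__":
    print(fips140_2(md5_counter_stream(2500)))
```

A boot-time check built on these tests would report this generator as healthy, which is why the message argues for asking the kernel about seeding state instead of judging the output.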