From owner-freebsd-security@FreeBSD.ORG Thu Sep 13 19:55:08 2012
From: Mark Murray <markm@FreeBSD.org>
To: obrien@freebsd.org
Cc: Arthur Mesh, Ian Lepore, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Date: Thu, 13 Sep 2012 20:51:15 +0100
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-reply-to: <20120913191936.GA36319@dragon.NUXI.org>
References: <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <20120911064636.GB72584@dragon.NUXI.org> <504EE446.6060500@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <20120912104547.1d0061c1@gumby.homeunix.com> <20120913191936.GA36319@dragon.NUXI.org>

David O'Brien writes:
> On Thu, Sep 13, 2012 at 08:00:19PM +0100, Mark Murray wrote:
> > I'm in favour of doing something to "dribble" the startup stuff in,
> > while limiting its length to (say) 1-2 K. Compressing the gathered
> > stuff is a good idea, and inserting that *first* with a delay following
> > would be ideal; 1 second would be sufficient, 2 safer if the machine is
> > very busy. After that, "chunking" the cached stuff and easing it in
> > slowly would be a Good Thing(tm).
>
> Mark,
> Can you add more about your reasoning why the low-grade entropy should be
> input before the high-quality cached entropy?

Sure!

I'm presuming that there is sufficient delay after the initial low-grade
stuff (compressed, so dense) for it _all_ to be used. This means that at
least the first bits of whatever follows also get used properly.

The low-grade stuff is the "best bet" for creating some form of difference
between 2 otherwise identical machines, albeit small. This shortish delay
also gives the TSC register a bit more time to provide further uncertainty
for the later entropy reinsertion/harvesting.

The high-grade stuff then does the heavy lifting, presuming that it exists,
which after a dodgy start-up/restart may not be the case. However, even a
small piece of /dev/zero will give SOME entropy due to TSC uncertainty here,
so further gathering has a better head start.

(There is further help for the super-paranoid; resetting the "seeded" bit
(sysctl) will cause /dev/random reads to block until the next reseed. This
may be (ab)used to really keep the device safe by repeated clearing followed
by writes of cached entropy.)

M
--
Mark R V Murray
Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open)
Pi: 132511160
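The two-stage order argued for above (compressed low-grade startup data first, a short delay, then the cached high-grade seed eased in chunk by chunk) as a small rc-style script. This is an added example for this thread, not the r239569 rc.d script or anything committed to FreeBSD. The variable names, the list of commands gathered in stage 1, the chunk size and the sysctl name kern.random.sys.seeded used in the optional "seeded"-bit step are all assumptions; the device and file paths are parameterised so the script can be exercised against ordinary files.

```shell
#!/bin/sh
# Added example, not the r239569 rc.d script: the two-stage seeding order
# described in the mail.  Every name below is an assumption:
#   RANDOM_DEV     where to write (default /dev/random; a plain file in tests)
#   ENTROPY_FILE   cached high-grade seed saved at shutdown (default /entropy)
#   STARTUP_LIMIT  cap on the compressed low-grade blob, in bytes (the 1-2 K)
#   CHUNK_SIZE     bytes of cached seed fed per step
#   DELAY          seconds to pause after each write
RANDOM_DEV=${RANDOM_DEV:-/dev/random}
ENTROPY_FILE=${ENTROPY_FILE:-/entropy}
STARTUP_LIMIT=${STARTUP_LIMIT:-2048}
CHUNK_SIZE=${CHUNK_SIZE:-256}
DELAY=${DELAY:-1}

# Stage 1 input: state that differs between two otherwise identical boots
# (time, process table, kernel state).  Every source may fail, so the script
# still runs on a minimal or non-FreeBSD box; gzip makes the blob dense and
# head caps it at STARTUP_LIMIT bytes.
gather_startup_data() {
    {
        date +%s 2>/dev/null || true
        uptime 2>/dev/null || true
        ps -ax 2>/dev/null || true
        sysctl -a 2>/dev/null || true
        ls -l / 2>/dev/null || true
    } | gzip -c | head -c "$STARTUP_LIMIT"
}

# Stage 1: feed the compressed blob, then wait so all of it is consumed
# (and the TSC drifts a little) before anything else arrives.
# Prints the number of bytes written.
seed_low_grade() {
    n=$(gather_startup_data | tee -a "$RANDOM_DEV" | wc -c | tr -d ' ')
    sleep "$DELAY"
    echo "$n"
}

# Stage 2: ease the cached seed in CHUNK_SIZE bytes at a time with a pause
# between chunks.  Prints the number of chunks written; returns 1 when there
# is no cached seed (e.g. after a crash), leaving stage 1 plus later
# harvesting as the only input.
dribble_cached_entropy() {
    [ -r "$ENTROPY_FILE" ] || return 1
    size=$(wc -c < "$ENTROPY_FILE" | tr -d ' ')
    chunk=0
    while [ $((chunk * CHUNK_SIZE)) -lt "$size" ]; do
        dd if="$ENTROPY_FILE" bs="$CHUNK_SIZE" skip="$chunk" count=1 \
            2>/dev/null >> "$RANDOM_DEV"
        chunk=$((chunk + 1))
        sleep "$DELAY"
    done
    echo "$chunk"
}

# Optional step for the super-paranoid from the end of the mail: clear the
# "seeded" bit so /dev/random blocks until the next reseed.  The sysctl name
# is assumed (kern.random.sys.seeded, as in FreeBSD 9-era Yarrow); confirm
# with `sysctl kern.random` before relying on it.
mark_unseeded() {
    sysctl kern.random.sys.seeded=0 >/dev/null 2>&1
}

# Entry point: only acts when invoked as "script start", so sourcing the file
# defines the functions without touching /dev/random.
if [ "${1:-}" = "start" ]; then
    low=$(seed_low_grade)
    echo "stage 1: ${low} bytes of compressed startup data written to ${RANDOM_DEV}"
    if chunks=$(dribble_cached_entropy); then
        echo "stage 2: ${chunks} chunk(s) of ${CHUNK_SIZE} bytes from ${ENTROPY_FILE}"
    else
        echo "stage 2: no cached seed at ${ENTROPY_FILE}; relying on harvesting" >&2
    fi
fi
```

Run as `sh dribble_seed.sh start` early in the boot sequence; to rehearse it without writing to the kernel, point RANDOM_DEV and ENTROPY_FILE at scratch files and set DELAY=0. With the defaults a 1 KiB cached seed takes four chunks and about five seconds of wall-clock time, which is the "easing in slowly" the mail asks for rather than one burst write.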