From: Mark Murray <mark@grondar.za>
To: "Jeroen C. van Gelderen"
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/sys random.h src/sys/dev/randomdev randomdev.c yarrow.c
Date: Mon, 17 Jul 2000 19:43:06 +0200
Message-Id: <200007171743.TAA00707@grimreaper.grondar.za>
In-Reply-To: <39732F7F.2E5BAEC0@vangelderen.org>; from "Jeroen C. van Gelderen" "Mon, 17 Jul 2000 12:08:31 -0400."
References: <39732F7F.2E5BAEC0@vangelderen.org>

> Arbitrarily reseeding is bad in the case of Yarrow as it
> allows for iterative guessing attacks. This is precisely why
> this functionality is not described in the paper. Yarrow was
> designed to manage the reseeding itself just to prevent this
> kind of attack.

Eh? Paragraph 5.4 of the paper begins:

"The reseed control module determines when a reseed is to be performed. An explicit reseed occurs when some application explicitly asks for a reseed operation. This is intended to be used only rarely, and only by applications that generate very high-valued random secrets. Access to the explicit reseed function should be restricted in many cases."

The /dev/random device is mode 644; that should cover it.

> You should definitely run this kind of input through the entropy
> estimation routines and have Yarrow decide to reseed. You are
> writing 4096 bytes anyway (on bootup) so this will (barring
> serious bugs) trigger a reseed. If not, you just caught a bug
> and the randomness device appears to not work. That's a good
> thing.

I disagree; this is the "explicit reseed" function, and as such, I reckon its design is OK.

> If your entropy pool is compromised your attacker has root or
> there is a serious bug in Yarrow. In both cases you will want
> to take steps to prevent this from happening again...

True.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
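As an added illustration of the two reseed paths argued over in this thread (example code written for this page, not the FreeBSD randomdev driver or any Yarrow reference implementation), the C below models Yarrow's reseed control: input fed through the entropy estimator, where a reseed happens only once the accumulated estimate crosses the threshold, beside the explicit reseed of section 5.4, which bypasses the estimate entirely. The 100-bit threshold is the fast-pool figure from the Yarrow paper; the struct layout, the function names and the use of FNV-1a as the mixing function are all assumptions made for this example, and FNV-1a is not a cryptographic hash.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy model of Yarrow's reseed control. Added example, not FreeBSD code.
 * FNV-1a stands in for the real hash so the control logic is runnable;
 * it is NOT cryptographic and must not be used for a real generator. */

#define FAST_POOL_THRESHOLD_BITS 100u   /* fast-pool threshold from the Yarrow paper */
#define FNV_BASIS 0xcbf29ce484222325ULL
#define FNV_PRIME 0x100000001b3ULL

struct yarrow {
    uint64_t pool;      /* running hash of everything fed in since the last reseed */
    unsigned est_bits;  /* entropy estimate accumulated since the last reseed */
    uint64_t key;       /* generator key, replaced on every reseed */
    uint64_t counter;   /* generator counter, reset on reseed */
    unsigned reseeds;   /* number of reseeds performed so far */
};

static uint64_t fnv1a(uint64_t h, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= FNV_PRIME;
    }
    return h;
}

void yarrow_init(struct yarrow *y)
{
    memset(y, 0, sizeof *y);
    y->pool = FNV_BASIS;
    y->key  = FNV_BASIS;
}

/* Fold the pool into the key, then start a fresh pool and estimate. */
static void reseed(struct yarrow *y)
{
    uint8_t buf[16];
    memcpy(buf, &y->key, 8);
    memcpy(buf + 8, &y->pool, 8);
    y->key = fnv1a(FNV_BASIS, buf, sizeof buf);
    y->pool = FNV_BASIS;
    y->est_bits = 0;
    y->counter = 0;
    y->reseeds++;
}

/* Estimator path: the caller supplies an entropy estimate for the input and
 * the reseed control module decides. Untrusted input (est_bits == 0) never
 * triggers a reseed no matter how many bytes are written.
 * Returns 1 if this call caused a reseed, 0 otherwise. */
int yarrow_add(struct yarrow *y, const uint8_t *buf, size_t len, unsigned est_bits)
{
    y->pool = fnv1a(y->pool, buf, len);
    if (y->est_bits > UINT32_MAX - est_bits)   /* saturate rather than wrap */
        y->est_bits = UINT32_MAX;
    else
        y->est_bits += est_bits;
    if (y->est_bits >= FAST_POOL_THRESHOLD_BITS) {
        reseed(y);
        return 1;
    }
    return 0;
}

/* Explicit reseed (paper section 5.4): ignores the estimate entirely. */
void yarrow_reseed_explicit(struct yarrow *y)
{
    reseed(y);
}

/* Generator output: hash of (key, counter), counter advanced per call. */
uint64_t yarrow_output(struct yarrow *y)
{
    uint8_t buf[16];
    memcpy(buf, &y->key, 8);
    memcpy(buf + 8, &y->counter, 8);
    y->counter++;
    return fnv1a(FNV_BASIS, buf, sizeof buf);
}

int main(void)
{
    struct yarrow y;
    uint8_t boot_blob[4096] = {0};   /* constructed stand-in for the 4096-byte boot write */
    yarrow_init(&y);

    /* Same 4096 bytes, written with an estimate of 0 bits and then 1 bit/byte. */
    printf("untrusted write reseeded: %d\n", yarrow_add(&y, boot_blob, sizeof boot_blob, 0));
    printf("estimated write reseeded: %d\n", yarrow_add(&y, boot_blob, sizeof boot_blob, 4096));
    printf("output after estimator reseed: %016llx\n", (unsigned long long)yarrow_output(&y));

    yarrow_reseed_explicit(&y);
    printf("reseeds after explicit reseed: %u\n", y.reseeds);
    printf("output after explicit reseed:  %016llx\n", (unsigned long long)yarrow_output(&y));
    return 0;
}
```

The point the two functions make concrete: on the estimator path the same 4096-byte write either does or does not reseed depending solely on the estimate attached to it, while `yarrow_reseed_explicit` reseeds unconditionally, which is why the paper says access to it should be restricted.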