From owner-freebsd-rc@FreeBSD.ORG Mon Sep 10 20:33:47 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id D03FC106566B; Mon, 10 Sep 2012 20:33:47 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from [127.0.0.1] (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 55FE914E935; Mon, 10 Sep 2012 20:33:46 +0000 (UTC) Message-ID: <504E4EAA.4060808@FreeBSD.org> Date: Mon, 10 Sep 2012 13:33:46 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20120824 Thunderbird/15.0 MIME-Version: 1.0 To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <86pq5tu1zr.fsf@ds4.des.no> <504E3DAB.3090000@FreeBSD.org> <86fw6pu0l0.fsf@ds4.des.no> <504E4765.1020909@FreeBSD.org> <864nn5tyev.fsf@ds4.des.no> In-Reply-To: <864nn5tyev.fsf@ds4.des.no> X-Enigmail-Version: 1.4.4 OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Cc: Arthur Mesh , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Xin Li Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Sep 2012 20:33:47 -0000 On 9/10/2012 1:28 PM, Dag-Erling Smørgrav wrote: > Doug Barton writes: >> 3. Write a script to reboot, and once the system is fully booted do 'dd >> if=/dev/random of=saved-random-out.$i count=4096' then reboot again >> immediately. Values of i from 1 to 10,000 ought to do it. >> 4. sha256 the saved-random-out files and see how many duplicates there are. > > I doubt there will be any exact duplicates, but closer statistical > analysis might reveal a slight bias. For instance, if my intuition > serves, the Hamming distance between any pair of samples, when averaged > over a large number of samples, should be half the sample length. I'm > sure a professional statistician or cryptanalyst could come up with more > accurate ways of detecting bias. Arthur's assertion was a high statistical likelihood of exact duplicates. His words were something like, "I'm sure we would see the exact same ssh keys generated." I agree with you that more thorough analysis would be useful, but what I'm looking for is proof of Arthur's precise assertion. > The script in question, by the way, could simply be a few extra lines at > the end of /etc/rc.d/initrandom; No, that would specifically _not_ be an acceptable test. The only valid test is after the system is fully booted, both to take rc.d/random into account, and to allow for initial hardware entropy gathering to have full effect. Remember, the assertion that David and Arthur are making is that re-using the files in /var/db/entropy is harmful. -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909)