From: "R. B. Riddick"
To: Doug Barton, Kevin Day
Cc: freebsd-security@freebsd.org
Date: Wed, 9 Aug 2006 00:17:35 -0700 (PDT)
Subject: Re: seeding dev/random in 5.5
Message-ID: <20060809071735.71840.qmail@web30310.mail.mud.yahoo.com>
In-Reply-To: <44D922E0.5050005@FreeBSD.org>

--- Doug Barton wrote:
> The patches you sent to implement this option didn't come through to the
> mailing list, could you resend them please? :)
>
> Seriously though, a lot of people looked at this problem when yarrow was
> introduced, and no solution became immediately apparent. So, if someone
> wants to take a crack at implementing something, knock yourself out.
>

Since this is the security mailing list, I would like to direct attention
to the following points:

* I see in the CD-procedure the problem, that a postman, who is more
  sophisticated than in Leslie Nielsen's "Naked Gun 33 1/3" movie, might
  exchange the media, so that u let ur Netherlandish install something u
  don't know and/or like.
  Workaround: Do you use a checksum over the media (`md5 < /dev/acd0`) and
  transmit that checksum in a different way (maybe email)?

* I received a private communication yesterday about this matter. But the
  list did not. I will cite (not literally) a little bit out of that
  message:
  Since you do not know anything about the remotely created host-key, u
  cannot connect safely to the freshly installed box, because: You do not
  even know the signature of the new host-key, so that if u connect to the
  wrong box u would not even know.
  Workaround: You could give all hosts the same well-known host-key (via
  your install-image-CD) and then u could change the host-key in a remotely
  controlled way individually and note down the signature?
  Maybe my secret informer (let's call him Rasmus or RK) wants to come
  public... :-)

* But what if the postman (see first point) knows already the host-key from
  reading the CD? Then he could log in to ur boxes...

-Arne
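
An added example, not part of the original message: a check for the shared-host-key workaround and the objection to it, computing the fingerprint to note down for each box and flagging any box that still presents the install-image key or a key another box also presents. The key lines, host names and function names are constructed for illustration; real input would be the public host key lines collected from each box.

```python
import base64
import hashlib
import struct

def parse_pubkey(line):
    """Split an OpenSSH public key line '<type> <base64> [comment]' into (type, blob)."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def audit(image_key_line, collected):
    """Map host -> (status, fingerprint) for host keys collected after rotation."""
    _, image_blob = parse_pubkey(image_key_line)
    seen = {}    # blob -> first host that presented it
    report = {}
    for host in sorted(collected):
        _, blob = parse_pubkey(collected[host])
        if blob == image_blob:
            status = "STILL-IMAGE-KEY"            # anyone who read the CD holds this key
        elif blob in seen:
            status = "SHARED-WITH " + seen[blob]  # rotation did not make the key unique
        else:
            status = "rotated"
        seen.setdefault(blob, host)
        report[host] = (status, fingerprint(blob))
    return report

def constructed_key(seed):
    """Constructed sample: a well-formed ssh-ed25519 line with stand-in key bytes."""
    name, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed"

IMAGE_KEY = constructed_key(b"install-image")
COLLECTED = {  # constructed inventory; host names are placeholders
    "box-a.example": constructed_key(b"box-a"),
    "box-b.example": IMAGE_KEY,
    "box-c.example": constructed_key(b"box-a"),
}

if __name__ == "__main__":
    for host, (status, fp) in audit(IMAGE_KEY, COLLECTED).items():
        print(f"{host:15} {status:28} {fp}")
```

The fingerprints are only as trustworthy as the path the key lines were collected over, which is the point the third bullet raises about a shared key that is readable from the CD.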