Date: Mon, 10 Sep 2012 23:38:31 -0700 From: Doug Barton <dougb@FreeBSD.org> To: obrien@freebsd.org Cc: Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com> Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <504EDC67.9070700@FreeBSD.org> In-Reply-To: <20120911061530.GA77399@dragon.NUXI.org> References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> <20120911061530.GA77399@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/10/2012 23:15, David O'Brien wrote: > On Thu, Sep 06, 2012 at 04:40:48PM -0700, Doug Barton wrote: >> It is way past time that you either demonstrate that your claim has >> merit, or stop making it. > > Doug, > At this point what are you asking for? For you to back out your rc.d changes related to /dev/random. (You already know the answer to this, since I just sent you a request in private mail.) You have not actually demonstrated a real problem, and you are misapplying the advice you're reading. I can't make it any more simple than that. That said, I have made 2 concrete proposals that address your concerns about replay attacks: 1. Pseudo-randomize the order in which we utilize the files in /var/db/entropy 2. Add a file to /var/db/entropy at boot time to help with the fast reboot issue that will be deleted by subsequent runs of the save-entropy script. Both of those proposals improve the way that the system uses those files, dramatically reduce the already incredibly slim chance that an attacker can guess the internal state of the device, and avoid weakening the system in the event of a fast reboot. I have listened to both you and Arthur regarding your concerns, explained (to the best of my ability) why decisions were made when these things were written originally, and addressed your concerns with proactive suggestions. In return you and Arthur have repeated the same arguments over and over again, in spite of my pointing out the flaws in your reasoning each time. Further, you have made not 1, but as of tonight 2 more commits in this area after I specifically asked you not to proceed until a consensus was reached. Even if you were 100% right, this is still bad form. > * To run better_than_nothing() before feed_dev_random() with > ${entropy_file}? As I've pointed out already, it's arguable which of the 2 sources is "better," but doesn't really matter that much which one is run first. Given that it's arguable my slight preference would be to restore the previous order, as I did in the patch that I submitted for review. It's also worth pointing out that I also asked you to avoid violating existing style guidelines by not creating a function out of code that's only used once; and pointed out that we should always run both "better than nothing" commands AND use /entropy. > I addressed that in Message-ID: FYI, quoting message ids is a particularly useless thing to do. Nevertheless, I understand your arguments, and believe that I have addressed them pretty thoroughly. > * To not run 'postrandom' to delete ${entropy_file}? > > I addressed that Yes, and you're 100% wrong. Sorry to be so blunt, but I have repeatedly drawn the distinction between an ideal system, and one that may have to reboot before all of the files have been replaced over time. You and Arthur have consistently ignored that distinction. On a typical system that is up for longer than 88 minutes, your change is moot since all the files will get replaced. In the event of a short reboot cycle, your change damages the system. > Our our own sys/dev/random/nehemiah.c follows this advice: > ... > * key, IV and the data are all read directly from the hardware RNG. > * All of these are used precisely once. > */ > > As does OpenBSD. Right, PER BOOT. > * To run 'ps' twice in better_than_nothing()? I've already said that I'm open to discussion about using different commands for the "better than nothing" set. It's worth pointing out however that there is far from universal agreement that your suggestions are the right ones. As I said in my private message, I'm sorry that it's come to this, as I consider you a friend, and I had hoped we could work things out in an amicable way. But your suggestions are moving in the wrong direction, and my attempts to persuade you have failed. Doug -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?504EDC67.9070700>