Date:      Mon, 10 Sep 2012 23:38:31 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        obrien@freebsd.org
Cc:        Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <504EDC67.9070700@FreeBSD.org>
In-Reply-To: <20120911061530.GA77399@dragon.NUXI.org>
References:  <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> <20120911061530.GA77399@dragon.NUXI.org>

On 09/10/2012 23:15, David O'Brien wrote:
> On Thu, Sep 06, 2012 at 04:40:48PM -0700, Doug Barton wrote:
>> It is way past time that you either demonstrate that your claim has
>> merit, or stop making it.
> 
> Doug,
> At this point what are you asking for?

For you to back out your rc.d changes related to /dev/random. (You
already know the answer to this, since I just sent you a request in
private mail.)

You have not actually demonstrated a real problem, and you are
misapplying the advice you're reading. I can't make it any more simple
than that.

That said, I have made 2 concrete proposals that address your concerns
about replay attacks:

1. Pseudo-randomize the order in which we utilize the files in
/var/db/entropy
2. Add a file to /var/db/entropy at boot time to help with the fast
reboot issue that will be deleted by subsequent runs of the save-entropy
script.

Both of those proposals improve the way that the system uses those
files, dramatically reduce the already incredibly slim chance that an
attacker can guess the internal state of the device, and avoid weakening
the system in the event of a fast reboot.

I have listened to both you and Arthur regarding your concerns,
explained (to the best of my ability) why decisions were made when these
things were written originally, and addressed your concerns with
proactive suggestions.

In return you and Arthur have repeated the same arguments over and over
again, in spite of my pointing out the flaws in your reasoning each
time. Further, you have made not 1, but as of tonight 2 more commits in
this area after I specifically asked you not to proceed until a
consensus was reached. Even if you were 100% right, this is still bad form.

> * To run better_than_nothing() before feed_dev_random() with
>   ${entropy_file}?

As I've pointed out already, it's arguable which of the 2 sources is
"better," but doesn't really matter that much which one is run first.
Given that it's arguable my slight preference would be to restore the
previous order, as I did in the patch that I submitted for review.

It's also worth pointing out that I also asked you to avoid violating
existing style guidelines by not creating a function out of code that's
only used once; and pointed out that we should always run both "better
than nothing" commands AND use /entropy.

> I addressed that in Message-ID: 

FYI, quoting message ids is a particularly useless thing to do.
Nevertheless, I understand your arguments, and believe that I have
addressed them pretty thoroughly.

> * To not run 'postrandom' to delete ${entropy_file}?
> 
> I addressed that

Yes, and you're 100% wrong. Sorry to be so blunt, but I have repeatedly
drawn the distinction between an ideal system, and one that may have to
reboot before all of the files have been replaced over time. You and
Arthur have consistently ignored that distinction.

On a typical system that is up for longer than 88 minutes, your change
is moot since all the files will get replaced. In the event of a short
reboot cycle, your change damages the system.

> Our own sys/dev/random/nehemiah.c follows this advice:
> 	 ...
> 	 * key, IV and the data are all read directly from the hardware RNG.
> 	 * All of these are used precisely once.
> 	 */
> 
> As does OpenBSD.

Right, PER BOOT.

> * To run 'ps' twice in better_than_nothing()?

I've already said that I'm open to discussion about using different
commands for the "better than nothing" set. It's worth pointing out
however that there is far from universal agreement that your suggestions
are the right ones.

As I said in my private message, I'm sorry that it's come to this, as I
consider you a friend, and I had hoped we could work things out in an
amicable way. But your suggestions are moving in the wrong direction,
and my attempts to persuade you have failed.

Doug

-- 

    I am only one, but I am one.  I cannot do everything, but I can do
    something.  And I will not let what I cannot do interfere with what
    I can do.
			-- Edward Everett Hale, (1822 - 1909)
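
The two proposals in the message above (using the /var/db/entropy files in a pseudo-random order, and adding one extra file at boot) sketched in shell. This is an added example, not part of the original e-mail and not FreeBSD's rc.d code; the function names, the `boot-entropy` file name, the salt construction and the sample file names are assumptions.

```shell
#!/bin/sh
# Added illustration; function and file names here are hypothetical.

# Proposal 1: list the regular files in $1 in an order keyed on
# cksum(salt/name). A different salt per boot gives a different order.
# This is a shuffle, not a cryptographic permutation.
entropy_order() {
    dir=$1 salt=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        key=$(printf '%s/%s' "$salt" "${f##*/}" | cksum | cut -d' ' -f1)
        printf '%s %s\n' "$key" "$f"
    done | sort -n | cut -d' ' -f2-
}

# Append every file to the sink ($2) in that order. The default salt
# (time and PID) only needs to vary between boots; it is not a secret.
feed_entropy_dir() {
    entropy_order "$1" "${3:-$(date +%s).$$}" | while IFS= read -r path; do
        cat "$path" >> "$2"
    done
}

# Proposal 2: at boot, write one extra file (mode 0600) into the directory
# so a quick reboot still finds material that was not there last boot.
# Removing it later is left to the periodic save job.
write_boot_file() {
    dir=$1 source=$2
    ( umask 077; dd if="$source" of="$dir/boot-entropy" bs=4096 count=1 2>/dev/null )
}

# Constructed demo on a scratch directory, with a plain file as the sink
# instead of /dev/random. Echoes the number of files that were fed.
demo() {
    d=$(mktemp -d) || return 1
    for i in 1 2 3 4; do printf 'sample-%s\n' "$i" > "$d/saved-entropy.$i"; done
    write_boot_file "$d" "$d/saved-entropy.1"
    feed_entropy_dir "$d" "$d.sink"
    n=$(( $(wc -l < "$d.sink") ))
    rm -rf "$d" "$d.sink"
    echo "$n"
}

demo
```

In a real boot script the sink would be /dev/random and the source for `write_boot_file` would be the random device itself.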


