Date: Mon, 13 Jul 2015 14:46:30 +0100
From: RW
To: freebsd-hackers@freebsd.org
Subject: Re: Does /dev/random in virtual guests provide good random data?
Message-ID: <20150713144630.32cd851a@gumby.homeunix.com>
In-Reply-To: <55A3763B.7010303@rawbw.com>
References: <55A2FB68.3070006@rawbw.com> <55A3763B.7010303@rawbw.com>

On Mon, 13 Jul 2015 01:26:35 -0700
Yuri wrote:

> On 07/12/2015 18:14, Tim Kientzle wrote:
> > http://www.2uo.de/myths-about-urandom/
> >
> > In particular, it has this interesting comment:
> >
> > FreeBSD does the right thing: they don't have the distinction
>
> There are two approaches in random stream generation. One is to have
> the sufficient random seed, and keep generating the following
> pseudo-random numbers only from this seed. The second approach is to
> also continuously feed the stream from some external source of
> entropy.

The real point of adding entropy after a PRNG is secure is to recover
from compromise and break state extension attacks. FreeBSD does that;
it just doesn't block.

Actually no competently designed PRNG feeds in entropy continuously
because it's more secure to add it in batches. Linux uses a single
batch size (IIRC 128 bits) but FreeBSD reseeds on two separate cycles,
a fast one designed to secure (or resecure) the device as quickly as
possible, and an ultra-conservative slow one.

FreeBSD also has the advantage of not splitting the entropy between
two separate devices.

> The fact that the long running linux VM still blocks on /dev/random
> indicates that linux tries to collect more entropy on the go,
> following the latter approach (intuitively I would also agree this is
> better for randomness).
>
> So it isn't clear why FreeBSD random stream would be of the same
> quality, if it doesn't collect entropy on the go. Because both Linux
> and BSD have exactly the same entropy sources in VM.

FreeBSD uses Yarrow, which was designed by Bruce Schneier, a
professional cryptographer who created the Blowfish cipher, the AES
candidate Twofish and PGP.

Linux's /dev/random was designed by programmers; actually a lot of
them. Its greatest problem is that it's a mess of patches from
amateurs.
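The two points RW makes above, that entropy is added in batches rather than fed in continuously, and that FreeBSD reseeds on a fast cycle and a slow cycle, can be seen in a small model. The following is an added illustration written for this thread, not FreeBSD's random(4) code or Yarrow as published: the pool thresholds, the SHA-256 pools, the HMAC-SHA256 counter output and the strict alternation of samples between the two pools are all simplifying assumptions. The demo snapshots the generator state (standing in for a compromise, or a cloned VM image) and checks whether the snapshot still predicts the output before and after the batch reseeds.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed thresholds (assumptions, not FreeBSD's values): the fast pool
# reseeds early to (re)secure the generator quickly, the slow pool only after
# far more entropy has accumulated.
FAST_THRESHOLD_BITS = 100
SLOW_THRESHOLD_BITS = 160


class BatchedReseedPRNG:
    """Counter-mode generator whose key changes only at a batch reseed.

    Entropy samples are hashed into a fast or a slow pool; nothing touches the
    output key until a pool crosses its threshold, so an observer who learns
    the state cannot follow it one low-entropy sample at a time."""

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"seed|" + seed).digest()
        self.counter = 0
        self.samples = 0
        self.fast_pool = hashlib.sha256()
        self.slow_pool = hashlib.sha256()
        self.fast_bits = 0
        self.slow_bits = 0
        self.reseed_log: List[str] = []

    def clone(self) -> "BatchedReseedPRNG":
        """Exact copy of the state: models a compromise or a forked VM image."""
        other = BatchedReseedPRNG.__new__(BatchedReseedPRNG)
        other.__dict__.update(self.__dict__)
        other.fast_pool = self.fast_pool.copy()
        other.slow_pool = self.slow_pool.copy()
        other.reseed_log = list(self.reseed_log)
        return other

    def add_entropy(self, sample: bytes, estimated_bits: int) -> None:
        """Alternate samples between the pools (a simplification of Yarrow's
        per-source alternation) and reseed only when a threshold is crossed."""
        self.samples += 1
        if self.samples % 2:
            self.fast_pool.update(sample)
            self.fast_bits += estimated_bits
        else:
            self.slow_pool.update(sample)
            self.slow_bits += estimated_bits

        fast_ready = self.fast_bits >= FAST_THRESHOLD_BITS
        slow_ready = self.slow_bits >= SLOW_THRESHOLD_BITS
        if fast_ready and slow_ready:
            # Slow reseed: fold both pools into the key, then empty both.
            self._reseed("slow", self.fast_pool.digest() + self.slow_pool.digest())
            self.fast_pool, self.slow_pool = hashlib.sha256(), hashlib.sha256()
            self.fast_bits = self.slow_bits = 0
        elif fast_ready:
            # Fast reseed: only the fast pool is consumed; the slow pool keeps filling.
            self._reseed("fast", self.fast_pool.digest())
            self.fast_pool = hashlib.sha256()
            self.fast_bits = 0

    def _reseed(self, kind: str, material: bytes) -> None:
        self.key = hashlib.sha256(b"reseed|" + self.key + material).digest()
        self.counter = 0
        self.reseed_log.append(kind)

    def read(self, n: int) -> bytes:
        """Output is HMAC-SHA256 of a counter under the current key."""
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def compromise_recovery_demo(samples: int = 60) -> Tuple[bool, bool, List[str]]:
    """Snapshot the state, feed constructed entropy, and report whether the
    snapshot still predicts the output before and after any batch reseeds."""
    real = BatchedReseedPRNG(b"constructed demo seed")
    stolen = real.clone()
    predicts_before = real.read(32) == stolen.read(32)
    for i in range(samples):
        # Constructed samples, each credited with an assumed 8 bits of entropy.
        real.add_entropy(b"sample-%02d" % i, 8)
    predicts_after = real.read(32) == stolen.read(32)
    return predicts_before, predicts_after, real.reseed_log


if __name__ == "__main__":
    before, after, log = compromise_recovery_demo()
    print("snapshot predicts output before reseed:", before)
    print("snapshot predicts output after reseeds:", after)
    print("reseed events:", log)
```

With 60 samples the model logs one fast reseed (the fast pool fills first, while the slow pool is still short of its threshold) followed by one slow reseed once both pools are ready; the stolen snapshot predicts every output block up to the first reseed and none after it, which is the "recover from compromise" property. With only 10 samples neither pool reaches its threshold, no reseed happens, and the snapshot keeps predicting the output: the generator stays compromised until a whole batch has been collected. That is the trade-off behind batching: folding each sample into the key as it arrives would let someone holding the state re-derive the next key by trying the few possible values of one low-entropy sample, whereas a batch forces them to guess the entire pool at once.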