Date:      Mon, 13 Jul 2015 14:46:30 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Does /dev/random in virtual guests provide good random data?
Message-ID:  <20150713144630.32cd851a@gumby.homeunix.com>
In-Reply-To: <55A3763B.7010303@rawbw.com>
References:  <55A2FB68.3070006@rawbw.com> <CCCC361E-70E1-4BA4-9765-65653F40DBC7@kientzle.com> <55A3763B.7010303@rawbw.com>

On Mon, 13 Jul 2015 01:26:35 -0700
Yuri wrote:

> On 07/12/2015 18:14, Tim Kientzle wrote:
> >     http://www.2uo.de/myths-about-urandom/
> >
> > In particular, it has this interesting comment:
> >
> >       FreeBSD does the right thing: they don't have the distinction
> 
> There are two approaches in random stream generation. One is to have
> the sufficient random seed, and keep generating the following
> pseudo-random numbers only from this seed. The second approach is to
> also continuously feed the stream from some external source of
> entropy.

The real point of adding entropy after a PRNG is secure is to recover
from compromise and break state extension attacks. FreeBSD does that;
it just doesn't block.

Actually no competently designed PRNG feeds in entropy continuously
because it's more secure to add it in batches. Linux uses a single
batch size (IIRC 128 bits) but FreeBSD reseeds on two separate cycles, a
fast one designed to secure (or resecure) the device as quickly as
possible, and an ultra-conservative slow one.  

FreeBSD also has the advantage of not splitting the entropy between
two separate devices. 


> The fact that the long running linux VM still blocks on /dev/random 
> indicates that linux tries to collect more entropy on the go,
> following the latter approach (intuitively I would also agree this is
> better for randomness).
> 
> So it isn't clear why FreeBSD random stream would be of the same 
> quality, if it doesn't collect entropy on the go. Because both Linux
> and BSD have exactly the same entropy sources in VM.



FreeBSD uses Yarrow, which was designed by Bruce Schneier, a
professional cryptographer who created the Blowfish cipher, the AES
candidate Twofish and PGP. Linux's /dev/random was designed by
programmers, actually a lot of them; its greatest problem is that it's
a mess of patches from amateurs.
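The point made above about batching entropy rather than trickling it in, as an added example that is not part of the original thread and not FreeBSD's or Yarrow's code. It is a constructed, simplified model: the two-pool accumulator with fast and slow thresholds follows the Yarrow idea, but the HMAC-SHA256 output stage, the threshold values, the "every sample goes to both pools" rule and the one-bit entropy source are all assumptions made for illustration (real Yarrow uses a block cipher in counter mode and accounts entropy per source). The attacker model is the one the text alludes to: a state copy taken once, then each output matched against the handful of inputs a single sample could have been.

```python
import hashlib
import hmac
import secrets

# Assumed thresholds (illustrative, not FreeBSD's values): the fast pool reseeds
# early so a compromised state is replaced quickly; the slow pool is conservative.
FAST_THRESHOLD_BITS = 100
SLOW_THRESHOLD_BITS = 160


class Generator:
    """Toy deterministic output stage: 32-byte key, block i = HMAC-SHA256(key, i)."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0

    def reseed(self, material: bytes) -> None:
        # Fold new material into the key all at once and restart the counter.
        self.key = hashlib.sha256(self.key + material).digest()
        self.counter = 0

    def output(self) -> bytes:
        block = hmac.new(self.key, self.counter.to_bytes(8, "big"), "sha256").digest()
        self.counter += 1
        return block

    def clone(self) -> "Generator":
        g = Generator.__new__(Generator)
        g.key, g.counter = self.key, self.counter
        return g


class Pool:
    """Entropy accumulator: hash of all samples plus a running entropy estimate."""

    def __init__(self):
        self.h = hashlib.sha256()
        self.bits = 0

    def add(self, sample: bytes, est_bits: int) -> None:
        self.h.update(sample)
        self.bits += est_bits

    def drain(self) -> bytes:
        digest = self.h.digest()
        self.h = hashlib.sha256()
        self.bits = 0
        return digest


class BatchedRNG:
    """Two-pool design: reseed only when a pool's estimate crosses its threshold."""

    def __init__(self, seed: bytes):
        self.gen = Generator(seed)
        self.fast, self.slow = Pool(), Pool()
        self.reseeds = 0

    def add_entropy(self, sample: bytes, est_bits: int) -> None:
        # Simplification: every sample feeds both pools.
        self.fast.add(sample, est_bits)
        self.slow.add(sample, est_bits)
        if self.slow.bits >= SLOW_THRESHOLD_BITS:
            self.gen.reseed(self.slow.drain() + self.fast.drain())
            self.reseeds += 1
        elif self.fast.bits >= FAST_THRESHOLD_BITS:
            self.gen.reseed(self.fast.drain())
            self.reseeds += 1

    def read(self) -> bytes:
        return self.gen.output()


class TrickleRNG:
    """Counter-model: every sample is mixed straight into the key as it arrives."""

    def __init__(self, seed: bytes):
        self.gen = Generator(seed)

    def add_entropy(self, sample: bytes, est_bits: int) -> None:
        self.gen.reseed(sample)

    def read(self) -> bytes:
        return self.gen.output()


def one_bit_sample() -> bytes:
    # Constructed weak source: each event carries about one bit of entropy.
    return bytes([secrets.randbelow(2)])


def steps_tracked(rng_cls, steps: int = 200) -> int:
    """How many steps a copy of the state taken at t=0 stays in sync with the real
    generator, when the copy is advanced by trying every possible single-sample input."""
    rng = rng_cls(b"constructed initial seed")
    shadow = rng.gen.clone()  # the one-time state compromise
    for step in range(1, steps + 1):
        rng.add_entropy(one_bit_sample(), 1)
        real = rng.read()
        candidates = [shadow.clone()]  # hypothesis: nothing was mixed in
        for bit in (b"\x00", b"\x01"):  # hypothesis: one sample was mixed in
            c = shadow.clone()
            c.reseed(bit)
            candidates.append(c)
        match = next((c for c in candidates if c.output() == real), None)
        if match is None:
            return step - 1  # a batch of 100 bits cannot be enumerated: sync lost
        shadow = match
    return steps


if __name__ == "__main__":
    print("trickle: tracked", steps_tracked(TrickleRNG), "of 200 steps")
    print("batched: tracked", steps_tracked(BatchedRNG), "of 200 steps")
```

Run as is, the trickle model stays predictable for all 200 steps because each one-bit contribution is guessable on its own, while the batched model is predictable only until the fast pool's first reseed, after which the copied state is worthless. The price is the window before that first reseed, which is exactly what the fast pool exists to keep short.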


