Date:      Sat, 15 Sep 2012 14:48:33 +0100
From:      RW <rwmaillists@googlemail.com>
To:        Mark Murray <markm@FreeBSD.org>
Cc:        Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, Doug Barton <dougb@freebsd.org>, Ben Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <20120915144833.6bf99a65@gumby.homeunix.com>
In-Reply-To: <E1TCnVd-000Ctz-BF@groundzero.grondar.org>
References:  <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org> <alpine.BSF.2.00.1209131258210.13080@ai.fobar.qr> <alpine.BSF.2.00.1209141336170.13080@ai.fobar.qr> <E1TCXN0-000NFT-7I@groundzero.grondar.org> <CAG5KPzwOdCkybj3D5uic1KC-pwW-pewgsrqrXg60f5SJjtzYPw@mail.gmail.com> <E1TCbDG-0002Hz-9D@groundzero.grondar.org> <CAG5KPzzRxzVX-%2B9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com> <E1TCbSz-0007CJ-BI@groundzero.grondar.org> <CAG5KPzyJNmXRfxtPPrdc2zVCsxGtDfJT79YC3a1PNUfOOSzt8A@mail.gmail.com> <E1TCcIq-000Brr-Ex@groundzero.grondar.org> <CAG5KPzwEESg7iUb2%2B-kAN%2Bk55M95BZjh5VaSvxzSsSCVuZ9kMw@mail.gmail.com> <E1TCdlD-000C1N-4g@groundzero.grondar.org> <20120915025820.73e04565@gumby.homeunix.com> <E1TCnVd-000Ctz-BF@groundzero.grondar.org>

On Sat, 15 Sep 2012 09:13:49 +0100
Mark Murray wrote:

> RW writes:
> > So far no one has come up with a single cogent argument for
> > compression. If you replace compression with hashing then the need
> > for modifying the kernel code is eliminated.
> 
> Compression reduces file size without losing entropy; 

So does hashing until way beyond the point where we have more entropy
than we need to kickstart yarrow.

Internally yarrow uses SHA256 hashing anyway.

> in fact it
> serves as an entropy concentrator. That said, I agree that its output
> is still not small enough and its speed is unacceptable.

The whole point of reducing the size is to fit it into the buffers, if
it doesn't do that then it's a waste of CPU cycles.  The motivation for
going for this XOR hack is because compression doesn't solve the buffer
depletion problem. 

Once you've made the kernel change, compression is probably
counter-productive because it's then desirable to spread the entropy as
evenly as possible.


> 
> As for modifying kernel code,
> 
> $ cat /dev/zero > /dev/random
> 
> ... can swamp entropy harvesting. It's an obvious attack and easily
> spotted/thwarted, but I'd like to defend against it; the current code
> is a bit too naive.


How can an unprivileged attacker do that during or before initrandom,
without having enough privileges to make it unnecessary?
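
An added illustration of the size argument in this message, not code from the thread or from FreeBSD: it condenses the same bulky input once with zlib and once by hashing fixed slices with SHA-256, and compares both against a buffer budget. The 4096-byte budget, the function names and the sample data are assumptions constructed for the example.

```python
import hashlib
import zlib

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes per SHA-256 digest
BUFFER_BUDGET = 4096  # assumed budget in bytes; hypothetical, not a value from the thread


def constructed_boot_data(lines=4000):
    """Constructed sample: bulky text with a little variation on each line."""
    out = []
    for i in range(lines):
        jitter = hashlib.sha256(b"constructed-%d" % i).hexdigest()[:16]
        out.append("pid %5d  state=run  ticks=%s\n" % (i, jitter))
    return "".join(out).encode()


def condense_by_compression(data):
    """Compressed size depends on the input, so it may exceed any fixed budget."""
    return zlib.compress(data, 9)


def condense_by_hashing(data, budget=BUFFER_BUDGET):
    """Split the input into at most budget // 32 slices and hash each slice.

    Every input byte feeds exactly one digest, each digest can carry up to
    256 bits, and the output never exceeds the budget however large the
    input grows.
    """
    slots = budget // DIGEST_LEN
    if slots < 1:
        raise ValueError("budget is smaller than one digest")
    if not data:
        return b""
    step = -(-len(data) // slots)  # ceiling division: bytes per slice
    return b"".join(
        hashlib.sha256(data[off:off + step]).digest()
        for off in range(0, len(data), step)
    )


if __name__ == "__main__":
    sample = constructed_boot_data()
    print("input bytes:     ", len(sample))
    print("zlib -9 bytes:   ", len(condense_by_compression(sample)))
    print("hashed bytes:    ", len(condense_by_hashing(sample)))
```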


