From: RW
To: Mark Murray
Cc: Arthur Mesh, Ian Lepore, Doug Barton, Ben Laurie, freebsd-security@freebsd.org, "Bjoern A. Zeeb"
Date: Sat, 15 Sep 2012 14:48:33 +0100
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120915144833.6bf99a65@gumby.homeunix.com>

On Sat, 15 Sep 2012 09:13:49 +0100
Mark Murray wrote:

> RW writes:
> > So far no one has come up with a single cogent argument for
> > compression. If you replace compression with hashing then the need
> > for modifying the kernel code is eliminated.
>
> Compression reduces file size without losing entropy;

So does hashing until way beyond the point where we have more entropy
than we need to kickstart yarrow. Internally yarrow uses SHA256 hashing
anyway.

> in fact it
> serves as an entropy concentrator. That said, I agree that its output
> is still not small enough and its speed is unacceptable.

The whole point of reducing the size is to fit it into the buffers, if
it doesn't do that then it's a waste of CPU cycles.

The motivation for going for this XOR hack is because compression
doesn't solve the buffer depletion problem. Once you've made the kernel
change, compression is probably counter-productive because it's then
desirable to spread the entropy as evenly as possible.

>
> As for modifying kernel code,
>
> $ cat /dev/zero > /dev/random
>
> ... can swamp entropy harvesting. It's an obvious attack and easily
> spotted/thwarted, but I'd like to defend against it; the current code
> is a bit too naive.

How can an unprivileged attacker do that during or before initrandom,
without having enough privileges to make it unnecessary?
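
The size argument in the message above, as an added example that is not part of the original post or of FreeBSD's rc.d code: it compresses and hashes the same constructed low-entropy input and compares both results with an assumed 64-byte target. `TARGET_BYTES`, `sample_boot_output`, `condense_by_hash` and `compare` are hypothetical names, and the 64-byte figure is an assumption, not the kernel's actual buffer size.

```python
import hashlib
import zlib

TARGET_BYTES = 64  # assumed space the seed must fit into (not from the post)


def sample_boot_output(lines=2000):
    """Constructed stand-in for low-entropy command output gathered at boot."""
    rows = (f"{i:5d} pid={(i * 37) % 5000} rss={(i * 911) % 65536} state=S\n"
            for i in range(lines))
    return "".join(rows).encode()


def condense_by_hash(data, out_bytes=TARGET_BYTES):
    """Reduce data to exactly out_bytes by hashing equal slices with SHA-256.

    Each 32-byte digest can carry at most 256 bits of its slice's entropy,
    so nothing is lost until a slice holds more entropy than that.
    """
    digest_len = hashlib.sha256().digest_size
    if out_bytes <= 0 or out_bytes % digest_len:
        raise ValueError("out_bytes must be a positive multiple of 32")
    n = out_bytes // digest_len
    step = -(-len(data) // n) or 1  # ceiling division, at least 1
    out = b""
    for i in range(n):
        # Prefix the slice index so identical slices give different digests.
        chunk = data[i * step:(i + 1) * step]
        out += hashlib.sha256(i.to_bytes(4, "big") + chunk).digest()
    return out


def compare(data):
    """Return (raw, compressed, hashed) sizes in bytes for the same input."""
    return len(data), len(zlib.compress(data, 9)), len(condense_by_hash(data))


if __name__ == "__main__":
    raw, compressed, hashed = compare(sample_boot_output())
    print(f"raw={raw} compressed={compressed} hashed={hashed} "
          f"target={TARGET_BYTES}")
```

The compressed size depends on the input, while the hashed size is fixed by construction, which is why only the hashed form is guaranteed to fit a fixed target.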