From owner-cvs-all@FreeBSD.ORG Mon Apr 12 17:54:53 2004
Date: Mon, 12 Apr 2004 17:54:53 -0700 (PDT)
From: Nate Lawson <nate@root.org>
To: Richard Coleman
Cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, Mark Murray
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-ID: <20040412174616.K71599@root.org>
In-Reply-To: <407B3801.4090001@mindspring.com>
References: <200404110746.i3B7kiIn075106@grimreaper.grondar.org> <20040412153153.I70759@root.org> <407B3801.4090001@mindspring.com>
List-Id: CVS commit messages for the entire tree

On Mon, 12 Apr 2004, Richard Coleman wrote:
> Nate Lawson wrote:
>
> >>Yarrow's entropy accumulation and PRNG generator parts are disconnected
> >>(that is part of its point), so there is no connection between the
> >>number of bytes harvested and the number of bytes supplied. This
> >>makes a very long armoured pipeline between accumulation and issue,
> >>which seems like overkill when the supplied entropy is 99% OK (far
> >>better than Yarrow currently ever gets, BTW).
> >>
> >>[...]
> >>
> >>Yarrow is unsuitable for this purpose; it is a great generator when
> >>you have a low-entropy environment and you need to protect against
> >>attackers having potential knowledge of the inputs.
> >
> > * XSTORE is an unprivileged operation, users can call it all they want.
> >
> > * If your hardware fails undetectably somehow (101010101...), a
> > single-source PRNG also fails. If we seed our existing PRNG which
> > accepts multiple sources, it doesn't.
> >
> > I think Jacques said it best. All I'm asking is that we use a
> > well-reviewed PRNG and as many entropy sources as possible, including this
> > nice VIA part.
> >
> > -Nate
>
> I agree with this sentiment. The more crypto hardware that becomes
> available, the more of it that will be crap.

Please don't mischaracterize me; that is not what I said. My whole point
with that long strength vs. assurance discussion was to point out the need
for systems to fail closed. I've said nothing about the likelihood of this
particular hardware failing in any way. My concern is that the risk is
higher that we fail open if we neglect to use multiple sources of entropy
and a PRNG with those sources.

I feel I've given enough information, including links to our whitepaper,
for people to consider how to move forward on this. All opinions I've
expressed in this thread are not my employer's.

I think VIA has provided a very useful hardware entropy source; let's
properly use it.

-Nate
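The fail-closed argument made in the message above, as an added illustration that is not part of the thread and not FreeBSD's random(4) or Yarrow code: a toy pool that mixes samples from several sources, runs a per-source health test so a source stuck on 10101010... is detected rather than trusted, and refuses to reseed its output generator until a healthy source has contributed. The health tests are simplified forms of the repetition-count and adaptive-proportion tests, the pool is a single SHA-256 accumulator rather than Yarrow's fast/slow pools, and the generator is SHA-256 in counter mode; the cutoffs, sample data and every name here are assumptions made for the example.

```python
import hashlib

RUN_CUTOFF = 5         # repetition-count test: this many identical consecutive bytes fails
PROPORTION_CUTOFF = 8  # adaptive-proportion test: a byte value seen this often in 64 samples fails


def health_check(sample: bytes) -> bool:
    """Per-source health test on raw samples (simplified repetition-count and
    adaptive-proportion tests).  A source stuck on a constant or short-period
    pattern such as 0xAA 0xAA ... (bits 10101010...) fails here instead of
    being handed to consumers as if it were entropy."""
    if len(sample) < 64:
        return False
    run = 1
    for prev, cur in zip(sample, sample[1:]):
        run = run + 1 if cur == prev else 1
        if run >= RUN_CUTOFF:
            return False
    window = sample[:64]
    return max(window.count(b) for b in set(window)) < PROPORTION_CUTOFF


class Generator:
    """Counter-mode output stage: block i = SHA-256(key || i).  Consumers see
    only this keyed stream, never the raw harvested bytes."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self._key + self._counter.to_bytes(8, "big")).digest()
            self._counter += 1
        return out[:n]


class EntropyPool:
    """Accumulator that mixes every sample it is given but only credits
    sources that pass the health test, and refuses to reseed the generator
    until at least min_sources distinct healthy sources have contributed."""

    def __init__(self, min_sources: int = 1):
        self.min_sources = min_sources
        self._acc = hashlib.sha256()
        self._credited = set()

    def harvest(self, source_id: int, sample: bytes) -> bool:
        healthy = health_check(sample)
        # Hashing in a bad sample cannot remove entropy already in the pool,
        # so everything is mixed; only healthy sources count toward reseeding.
        self._acc.update(bytes([source_id, int(healthy)]) + len(sample).to_bytes(4, "big") + sample)
        if healthy:
            self._credited.add(source_id)
        return healthy

    def reseed(self) -> Generator:
        if len(self._credited) < self.min_sources:
            raise RuntimeError(
                f"refusing to reseed: {len(self._credited)} healthy source(s), need {self.min_sources}")
        self._credited.clear()
        return Generator(self._acc.digest())


# Constructed samples (not real hardware output): a source stuck on 10101010...
# and two deterministic stand-ins for healthy sources so the example runs offline.
STUCK = bytes([0xAA]) * 64
GOOD_A = b"".join(hashlib.sha256(b"constructed sample A %d" % i).digest() for i in range(2))
GOOD_B = b"".join(hashlib.sha256(b"constructed sample B %d" % i).digest() for i in range(2))


def stuck_source_alone_is_refused() -> bool:
    """A design that trusts one hardware source would key its generator from
    0xAA... forever; this pool fails closed instead of failing open."""
    pool = EntropyPool(min_sources=1)
    pool.harvest(1, STUCK)
    try:
        pool.reseed()
    except RuntimeError:
        return True
    return False


def mixed_output(good_sample: bytes) -> bytes:
    """Stuck source plus one healthy source: the stuck bytes are mixed in, but
    the output is keyed by the healthy source, so it still differs per host."""
    pool = EntropyPool(min_sources=1)
    pool.harvest(1, STUCK)         # fails the health test, not credited
    pool.harvest(2, good_sample)   # passes, credited
    return pool.reseed().read(32)


if __name__ == "__main__":
    print("stuck source refused:", stuck_source_alone_is_refused())
    print("mixed output A:", mixed_output(GOOD_A).hex())
    print("mixed output B:", mixed_output(GOOD_B).hex())
```

The point to take from running it is the asymmetry: with only the stuck source the pool raises rather than emitting a stream that every machine with the same stuck part would share, while adding a second source lets it proceed, and the stuck source's contribution can never make the result worse than the healthy source alone.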