From owner-freebsd-current Thu Oct 26 13:29:56 2000
Message-Id: <200010262029.e9QKTXM00442@grimreaper.grondar.za>
To: Doug Barton
Cc: current@FreeBSD.org
Subject: Re: entropy reseeding is totally broken
In-Reply-To: ; from Doug Barton "Thu, 26 Oct 2000 12:49:47 PDT."
Date: Thu, 26 Oct 2000 13:29:33 -0700
From: Mark Murray

> I stated this same objection until I actually attended Mark's
> presentation at the 'con. The yarrow algorithm uses an encrypted hash for
> the entropy on the way in, and encrypts the output on the way out. This
> would make it extremely difficult to guess the state at reboot, even if we
> weren't picking up new entropy sources during the boot process.

There is an angle; an attacker can attack by replaying, but this requires
strong privilege.

> Pending Mark's approval, I'd like to suggest we add a cron job to
> dump X k of data from /dev/random to a file (/boot/.periodic_entropy
> maybe?) and use that, AND ${entropy_file:/var/db/entropy} to reseed at
> boot, and only do the "long, annoying" failover process if neither file
> exists. The only remaining questions would be how many k of data to dump
> how often.

I like that, but I'd like to see more than one file. This avoids the
race where fsck may blat an incompletely written file after a
(in)convenient crash. We are really headed towards saving state in the
first swap partition (if there is one).

On a related note, I'd like to see mergemaster rebuild /dev if it is not
DEVFS (obviously taking into account user preferences in MAKEDEV.local).
I believe that users are shooting their feet by not tracking /dev properly.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
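
One way to keep more than one saved entropy file so that a crash during a write cannot cost the only copy, as an added example that is not part of the original message and not FreeBSD's own script. The directory, slot count, file size, variable names and the function names save_entropy and reseed_entropy are assumptions, and it assumes a head that accepts -c.

```sh
#!/bin/sh
# Added illustration, not FreeBSD's own script. All names, paths and sizes
# below are assumptions chosen for the example.
ENTROPY_DIR=${ENTROPY_DIR:-/var/db/entropy-slots}  # hypothetical directory
ENTROPY_SRC=${ENTROPY_SRC:-/dev/random}            # where samples are read
ENTROPY_SINK=${ENTROPY_SINK:-/dev/random}          # where reseed data goes
ENTROPY_SLOTS=${ENTROPY_SLOTS:-4}                  # complete files to keep
ENTROPY_BYTES=${ENTROPY_BYTES:-4096}               # size of each file

# Run from cron: write a new sample, then rotate it into slot 1.
save_entropy() {
    umask 077
    mkdir -p "$ENTROPY_DIR" || return 1
    tmp="$ENTROPY_DIR/.saving.$$"
    # The new sample goes under a temporary name, so a crash mid-write can
    # only damage this file and never an already complete slot.
    head -c "$ENTROPY_BYTES" "$ENTROPY_SRC" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "$(($(wc -c < "$tmp")))" -ne "$ENTROPY_BYTES" ]; then
        rm -f "$tmp"; return 1
    fi
    sync    # push the data to disk before any rename refers to it
    i=$ENTROPY_SLOTS
    while [ "$i" -gt 1 ]; do        # saved.(N-1) -> saved.N, oldest dropped
        prev=$((i - 1))
        if [ -f "$ENTROPY_DIR/saved.$prev" ]; then
            mv -f "$ENTROPY_DIR/saved.$prev" "$ENTROPY_DIR/saved.$i"
        fi
        i=$prev
    done
    mv -f "$tmp" "$ENTROPY_DIR/saved.1"
}

# Run at boot: feed every full-size slot to the sink; print how many were used.
# Fails when none was usable, so the caller can fall back to the slow path.
reseed_entropy() {
    used=0
    for f in "$ENTROPY_DIR"/saved.*; do
        [ -f "$f" ] || continue
        # A slot truncated by a crash or by fsck has the wrong size: skip it.
        if [ "$(($(wc -c < "$f")))" -eq "$ENTROPY_BYTES" ]; then
            cat "$f" >> "$ENTROPY_SINK" && used=$((used + 1))
        fi
    done
    echo "$used"
    [ "$used" -gt 0 ]
}

case "${1:-}" in
    save) save_entropy ;;
    reseed) reseed_entropy ;;
esac
```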