From: Vsevolod Stakhov
Date: Tue, 14 Jul 2015 14:35:19 +0100
To: Yuri, Freebsd hackers list
Subject: Re: Does /dev/random in virtual guests provide good random data?
Message-ID: <55A51017.9080202@FreeBSD.org>
In-Reply-To: <55A50EE9.1020900@FreeBSD.org>
References: <55A2FB68.3070006@rawbw.com> <55A3763B.7010303@rawbw.com> <55A50EE9.1020900@FreeBSD.org>

On 14/07/2015 14:30, Vsevolod Stakhov wrote:
> On 13/07/2015 09:26, Yuri wrote:
>> On 07/12/2015 18:14, Tim Kientzle wrote:
>>> http://www.2uo.de/myths-about-urandom/
>>>
>>> In particular, it has this interesting comment:
>>>
>>> FreeBSD does the right thing: they don't have the distinction
>>
>> There are two approaches in random stream generation. One is to have a sufficient random seed, and keep generating the following pseudo-random numbers only from this seed. The second approach is to also continuously feed the stream from some external source of entropy.
>>
>> The fact that the long running Linux VM still blocks on /dev/random indicates that Linux tries to collect more entropy on the go, following the latter approach (intuitively I would also agree this is better for randomness).
>>
>> So it isn't clear why the FreeBSD random stream would be of the same quality, if it doesn't collect entropy on the go. Because both Linux and BSD have exactly the same entropy sources in a VM.
>
> That's *not* the correct definition of how modern PRNGs work.

And I forgot to mention that in Linux, both /dev/random and /dev/urandom are using a pseudo-random generator seeded by the entropy pool(s). So you would never ever access these pools directly. The key difference is that /dev/random blocks unless there is 'enough' entropy in those pools.
But it makes a system even *less* secure if an attacker can force you to use /dev/random, as at least it would give her information about the amount of entropy available in your system, which is quite dangerous for Yarrow (but not for Fortuna).

-- 
Vsevolod Stakhov
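Vsevolod's contrast between Yarrow and Fortuna in the last paragraph turns on a design detail the thread does not spell out: Fortuna keeps no entropy estimate at all. Incoming events are spread round-robin over 32 pools, and pool i is folded into the generator key only on every 2^i-th reseed, so knowing how much data sits in the pools tells an observer nothing the scheme's security depends on; Yarrow, by contrast, decides when to reseed from an entropy estimate, which is exactly the quantity a forced /dev/random read would expose. The Python below is an added illustration written for this page, not FreeBSD's random(4) code and not from anyone in the thread. The HMAC-SHA256 counter generator stands in for Fortuna's block-cipher generator, and the 64-byte pool-0 threshold, the 32-byte event cap and the single synthetic source are assumptions chosen for the demo.

```python
import hashlib
import hmac

NUM_POOLS = 32        # Fortuna accumulates events into 32 pools
MIN_POOL_SIZE = 64    # assumed: bytes pool 0 must hold before a reseed may happen


def pools_for_reseed(k):
    """Pool i contributes to reseed number k exactly when 2**i divides k.

    Pool 0 is used on every reseed, pool 1 on every second, pool 2 on every
    fourth, and so on. No entropy estimate is consulted anywhere.
    """
    return [i for i in range(NUM_POOLS) if k % (2 ** i) == 0]


class FortunaAccumulator:
    """Simplified Fortuna accumulator plus a hash-based stand-in generator."""

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.pool_bytes = [0] * NUM_POOLS   # bookkeeping only, never an entropy count
        self.next_pool = {}                 # per-source round-robin position
        self.reseed_count = 0
        self.key = bytes(32)                # generator key, replaced at first reseed
        self.counter = 0

    def add_event(self, source, data):
        """Append one event from `source` to the next pool in its rotation."""
        if not 1 <= len(data) <= 32:
            raise ValueError("event data must be 1..32 bytes")
        i = self.next_pool.get(source, 0)
        self.next_pool[source] = (i + 1) % NUM_POOLS
        record = bytes([source & 0xFF, len(data)]) + data
        self.pools[i].update(record)
        self.pool_bytes[i] += len(record)
        return i

    def maybe_reseed(self):
        """Reseed when pool 0 is full enough; return the pools that were used."""
        if self.pool_bytes[0] < MIN_POOL_SIZE:
            return None
        self.reseed_count += 1
        used = pools_for_reseed(self.reseed_count)
        seed = b"".join(self.pools[i].digest() for i in used)
        for i in used:                       # consumed pools start over empty
            self.pools[i] = hashlib.sha256()
            self.pool_bytes[i] = 0
        # Fortuna derives the new key from the old key and the pooled material
        self.key = hashlib.sha256(self.key + seed).digest()
        return used

    def random_bytes(self, n):
        """Generate n bytes; refuses until the first reseed, like a fresh boot."""
        if self.reseed_count == 0:
            raise RuntimeError("generator not seeded yet")
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.key, self.counter.to_bytes(16, "big"),
                            hashlib.sha256).digest()
        # rekey after every request so earlier output cannot be recomputed later
        self.counter += 1
        self.key = hmac.new(self.key, self.counter.to_bytes(16, "big"),
                            hashlib.sha256).digest()
        return out[:n]


if __name__ == "__main__":
    for k in range(1, 17):
        print(f"reseed {k:2d} uses pools {pools_for_reseed(k)}")
    acc = FortunaAccumulator()
    for j in range(33):                      # constructed events from one source
        acc.add_event(1, bytes([j]) * 30)
    print("reseed used pools:", acc.maybe_reseed())
    print("first output:", acc.random_bytes(16).hex())
```

The demo makes the thread's point concrete: the only "state" an observer could learn here is how many bytes have been pooled, and the reseed schedule never uses that number as a security judgement, whereas a Yarrow-style design that reseeds once an estimate crosses a threshold lets the same observation bound when the generator's key changes.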