Date: Mon, 3 Sep 2012 00:57:08 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <20120903005708.7082f230@gumby.homeunix.com> In-Reply-To: <5043DBAF.40506@FreeBSD.org> References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 02 Sep 2012 15:20:31 -0700 Doug Barton wrote: > On 08/22/2012 11:43, David E. O'Brien wrote: > > Author: obrien > > Date: Wed Aug 22 18:43:21 2012 > > New Revision: 239569 > > URL: http://svn.freebsd.org/changeset/base/239569 > > > > Log: > > Remove old entropy seeding after consumption > > initializing /dev/random PRNG. Not doing so opens us up to replay > > attacks. > > I object to this change, and would like to see it discussed more. No entropy file is effectively equivalent to a known file and anything is better than that. Simply writing out a new version of /entropy would be better. The more significant problem is that initrandom dumps some very low-grade entropy into /dev/random before the entropy file (see below). Since /dev/random has very limited buffering, and processes the buffers in a timed loop, it's almost certain that the first entropy file is completely discarded. IMO the order should be reversed or the low-grade stuff should be piped through sha256. # XXX temporary until we can improve the entropy # harvesting rate. # Entropy below is not great, but better than nothing. # This unblocks the generator at startup ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \ | dd of=/dev/random bs=8k 2>/dev/null cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null # First pass at reseeding /dev/random. # case ${entropy_file} in [Nn][Oo] | '') ;; *) if [ -w /dev/random ]; then feed_dev_random "${entropy_file}" fi ;; esac
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120903005708.7082f230>