Date: Thu, 20 Sep 2012 12:21:04 +0200
From: Pawel Jakub Dawidek
To: RW
Cc: freebsd-security@freebsd.org, Jonathan Anderson, Mariusz Gromada
Subject: Re: Collecting entropy from device_attach() times.

On Wed, Sep 19, 2012 at 11:10:51PM +0100, RW wrote:
> On Wed, 19 Sep 2012 22:53:32 +0200
> Pawel Jakub Dawidek wrote:
>
> > Here's what the distribution looks like for device_attach() times of my
> > sound card. The times were 26-bit numbers, so this is after discarding
> > top ten bits, which leaves us with 16 lower bits of pure entropy:)
> >
> > http://people.freebsd.org/~pjd/misc/harvest_device_attach.png
>
> You're basing a model for all devices on a single sound card, that
> doesn't seem safe to me. Isn't it possible that a device could take a
> long and well defined time? Some interrupts can carry a lot of entropy
> but they are still only accounted at 2 bits.

I agree, we should do such analysis for many more devices and different
kinds of devices. A platform might be an important factor as well.
It is hard to collect a decent number of probes when reboot is needed, so
what I'd recommend is to turn off SMP, boot into single module and
kldload/kldunload a driver in a loop, of course with kernel patched to
log those times.

> I don't see the point of trying to set a realistic number of bits
> unless there's a need for secure random numbers before initrandom. If
> there isn't then you might just as well set the estimation at zero
> bits, and avoid wasting cpu cycles on unnecessary spontaneous reseeds
> before the forced reseed.

It would be ideal if we could provide properly seeded PRNG even for
single-user mode, so eliminating initrandom altogether is also an
option, but it also doesn't hurt to leave it as it is.
I don't like depending on initrandom as it doesn't help for single-user
mode and it might be easy to make some mistake by ordering rc.d/ scripts
and placing some script that needs properly seeded PRNG before
initrandom. Feeding enough entropy into yarrow before even root is
mounted would be perfect.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
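
Added example, not part of the original message and not FreeBSD code: one way to analyse, per device, the attach times logged by the kldload/kldunload loop described above. It keeps the lower 16 bits as in the message and reports plug-in Shannon and min-entropy estimates; the function names, the integer log format and both sample lists are constructed for illustration.

```python
import math
from collections import Counter

LOW_BITS = 16  # the message keeps the lower 16 bits of each 26-bit attach time


def low_bits(sample, bits=LOW_BITS):
    """Discard the predictable top bits, keep the low `bits` bits."""
    return sample & ((1 << bits) - 1)


def shannon_bits(values):
    """Plug-in Shannon entropy per sample, in bits."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def min_entropy_bits(values):
    """Most-common-value estimate, -log2(p_max): the conservative figure."""
    p_max = max(Counter(values).values()) / len(values)
    return -math.log2(p_max)


def analyse(samples, bits=LOW_BITS):
    """Summarise one device's logged attach times (assumed format: ints)."""
    if not samples:
        raise ValueError("no samples logged for this device")
    low = [low_bits(s, bits) for s in samples]
    return {
        "samples": len(low),
        "distinct": len(set(low)),
        "shannon_bits": shannon_bits(low),
        "min_entropy_bits": min_entropy_bits(low),
        # No estimate from n samples can exceed log2(n), whatever the device does.
        "ceiling_bits": min(bits, math.log2(len(low))),
    }


# Constructed samples, not measurements. BASE is a 26-bit value.
BASE = 1 << 25
# Device whose low bits vary on every attach (1024 distinct values).
JITTERY = [BASE + (i * 40503) % 65536 for i in range(1024)]
# Device with a "long and well defined" attach time: four values, skewed.
STEADY = ([BASE + 5000] * 512 + [BASE + 5001] * 256
          + [BASE + 4999] * 128 + [BASE + 5002] * 128)

if __name__ == "__main__":
    for name, samples in (("jittery", JITTERY), ("steady", STEADY)):
        print(name, analyse(samples))
```

With 1024 samples the ceiling is 10 bits, so confirming anything close to 16 bits per attach needs far more than 65536 logged attaches per device.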