From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 14:02:01 2006
From: Michael Scheidell
Organization: SECNAP Network Security
Date: Tue, 08 Aug 2006 10:02:00 -0400
To: "R. B. Riddick"
Cc: freebsd-security@freebsd.org
Subject: Re: seeding dev/random in 5.5
Message-ID: <44D89958.2030305@secnap.net>
In-Reply-To: <20060808135330.24187.qmail@web30310.mail.mud.yahoo.com>

R. B. Riddick wrote:
> I was under the impression, that
> kern.random.sys.harvest.ethernet
> is
> 1
> by default.
>
> That would mean, that ethernet traffic to that deeply buried box should feed
> that /dev/random until it is fat and round...
>
> Why do you believe, that /dev/random isn't seeded by networking?

Because it isn't, and pings aren't going to produce much random data.
It might feed it LATER, saving to /var/db/entropy, but when the system is booted, there are no keys in /etc/ssh, and rc.d/sshd tries to generate enough to feed to /dev/random, it doesn't.

At least in this case, this box, this OS, this chipset. Only one I have seen like this.

It's a showstopper. Box won't start remote sshd; can only get at it via console.

Not sure why the reluctance to even acknowledge that there could be a minor fix/patch that could prevent a dead box and a ${miles=hundreds} trek to bring it back.

If it's never happened to you, then you may not have the exact combination I have. I can reproduce it 100% of the time, every time, all day long.

Only two workarounds that I know of:
#1, put in more than 3 lines of garbage on console.
#2, put in more than 5 packets of garbage from ethernet (which, acknowledged: if a hacker is trying to seed known data to this box, he could feed it known data).

-- 
Michael Scheidell, CTO
SECNAP Network Security / www.secnap.com
scheidell@secnap.net / 1+561-999-5000, x 1131
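As an added example that is not part of the thread or of FreeBSD's own rc scripts: a POSIX sh pre-flight check for the failure mode described above, run before host-key generation, that detects whether /dev/random would block instead of letting ssh-keygen hang. The entropy directory, device path, byte count and timeout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before rc.d/sshd
# runs ssh-keygen on a freshly installed box. Paths/timeout are assumptions.
ENTROPY_DIR=${ENTROPY_DIR:-/var/db/entropy}   # where saved entropy is kept
RANDOM_DEV=${RANDOM_DEV:-/dev/random}
READ_TIMEOUT=${READ_TIMEOUT:-5}               # seconds before we call it blocked

# Returns 0 if the directory holds at least one non-empty saved-entropy file.
have_saved_entropy() {
    for f in "$1"/*; do
        [ -s "$f" ] && return 0
    done
    return 1
}

# Returns 0 if $2 bytes can be read from device $1 within $3 seconds,
# 1 if the read blocks (unseeded pool) or comes up short.
random_is_ready() {
    dev=$1; nbytes=$2; secs=$3
    tmp=$(mktemp) || return 1
    dd if="$dev" of="$tmp" bs=1 count="$nbytes" 2>/dev/null &
    reader=$!
    ( sleep "$secs"; kill "$reader" 2>/dev/null ) &   # watchdog kills a stuck read
    watchdog=$!
    wait "$reader" 2>/dev/null || true                 # non-zero when killed
    kill "$watchdog" 2>/dev/null || true
    got=$(wc -c < "$tmp" | tr -d ' ')
    rm -f "$tmp"
    [ "$got" -eq "$nbytes" ]
}

# Prints a verdict; returns 0 when it is safe to run ssh-keygen, 1 otherwise.
entropy_preflight() {
    if have_saved_entropy "$ENTROPY_DIR"; then
        echo "ok: saved entropy present in $ENTROPY_DIR"
        return 0
    fi
    if random_is_ready "$RANDOM_DEV" 32 "$READ_TIMEOUT"; then
        echo "ok: $RANDOM_DEV delivered 32 bytes"
        return 0
    fi
    echo "BLOCKED: $RANDOM_DEV returned nothing in ${READ_TIMEOUT}s;" \
         "do not start ssh-keygen until the pool is seeded" >&2
    return 1
}
```

Call `entropy_preflight` from the boot sequence ahead of key generation so the box logs a clear reason instead of hanging silently.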