From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 14:15:05 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 55B7D16A4DA for ; Tue, 8 Aug 2006 14:15:05 +0000 (UTC) (envelope-from arne_woerner@yahoo.com) Received: from web30313.mail.mud.yahoo.com (web30313.mail.mud.yahoo.com [68.142.201.231]) by mx1.FreeBSD.org (Postfix) with SMTP id B623F43D45 for ; Tue, 8 Aug 2006 14:15:02 +0000 (GMT) (envelope-from arne_woerner@yahoo.com) Received: (qmail 56773 invoked by uid 60001); 8 Aug 2006 14:15:02 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=MTaOqcoOirvtTzxAs1vATRmgkSprera3inqq1Y1egkGJzJFCZGrwofjzqZSYgaMEZaTRbZAOF9VNSJ1BwQg+SkvVVRj98JeLfnyEbjV4QCtL3b7sB1vDO2ykAHaNmTe4OZAfeYbLiKnfiD5ZOhKuuDDh0OBmRC/dHCCkVTSOmOM= ; Message-ID: <20060808141501.56763.qmail@web30313.mail.mud.yahoo.com> Received: from [213.54.69.172] by web30313.mail.mud.yahoo.com via HTTP; Tue, 08 Aug 2006 07:15:01 PDT Date: Tue, 8 Aug 2006 07:15:01 -0700 (PDT) From: "R. B. Riddick" To: Michael Scheidell In-Reply-To: <44D89958.2030305@secnap.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-security@freebsd.org Subject: Re: seeding dev/random in 5.5 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Aug 2006 14:15:05 -0000 --- Michael Scheidell wrote: > R. B. Riddick wrote: > > Why do u believe, that /dev/random isnt seeded by networking? > > > > > because it isn't. > and pings arn' going to produce much random data. > Hmm... Interesting... > it might feed it LATER, saving to /var/db/entropy, but when the system > is booted, and there are no keys in /etc/ssh and rc.d/sshd tried to > generate enough to feed to /dev/random, it doesn't > Hopefully... I was under the impression, that new "random" events are gathered continuously in order to create an always good source of random ... > I can reproduce it 100% of the time, every time, all day long. > OK... But I still dont understand why that is... Does it have an ethernet NIC? Is that sysctl (kern.random.sys.harvest.ethernet) set to 1 before rc.d/sshd starts? > Only two workarounds that I know of: > #1, put in more than 3 lines of garbage on console. > #2, put in more than 5 packets of garbage from ethernet > (which, acknowledged: if hacker is trying to seed known data to this > box, he could feed it known data) > If I may add: I know another workaround: Create the key files during the install process, which has to be done quite handish anyway, if u do it on a far away deeply buried box... Or not? -Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com