Date: Wed, 9 Aug 2006 08:08:42 -0500 From: Brooks Davis <brooks@one-eyed-alien.net> To: "R. B. Riddick" <arne_woerner@yahoo.com> Cc: freebsd-security@freebsd.org, Doug Barton <dougb@freebsd.org> Subject: Re: seeding dev/random in 5.5 Message-ID: <20060809130842.GA7832@lor.one-eyed-alien.net> In-Reply-To: <20060809071735.71840.qmail@web30310.mail.mud.yahoo.com> References: <44D922E0.5050005@FreeBSD.org> <20060809071735.71840.qmail@web30310.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--6c2NcOVqGQ03X4Wi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote: > --- Doug Barton <dougb@FreeBSD.org> wrote: > > The patches you sent to implement this option didn't come through to the > > mailing list, could you resend them please? :) > >=20 > > Seriously though, a lot of people looked at this problem when yarrow was > > introduced, and no solution became immediately apparent. So, if someone > > wants to take a crack at implementing something, knock yourself out. > >=20 > Since this is the security mailing list, I would like to direct the atten= tion > on the following points: >=20 > * I see in the CD-procedure the problem, that a postman, who is more > sophisticated than in Leslie Nielsen's "Naked Gun 33 1/3" movie, might ex= change > the media, so that u let ur Netherlandish install something u dont know a= nd/or > like. Workaround: Do you use a checksum over the media (`md5 < /dev/acd0`= ) and > transmit those checksum on a different way (maybe email)? >=20 > * I received a private communication yesterday about this matter. But the= list > did not. I will cite (not litterally) a little bit out of that message: S= ince > you do not know anything about the remotely created host-key, u cannot co= nnect > safely to the freshly installed box, because: You do not even know the > signature of the new host-key, so that if u connect to the wrong box u wo= uld > not even known. Workaround: You could give all hosts the same well-known > host-key (via your install-image-CD) and then u could change the host-key= in a > remotely controlled way individually and note down the signature? Maybe my > secret informer (lets call him Rasmus or RK) wants to come public... :-) These are valid if probably overly paranoid points. :) > * But what if the postman (see first point) know already the host-key from > reading the CD? Then he could log in to ur boxes... This isn't true. The host key lets you impersonate the host. It does not do anything related to log in (unless you use host based auth). -- Brooks --6c2NcOVqGQ03X4Wi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFE2d5aXY6L6fI4GtQRAqNaAJ0Q4qiEKgZjcZJXt5QF/ZRfSAtopgCgsgHY VI9LNIKRVl2F7Mpf5uwWwVs= =cRL5 -----END PGP SIGNATURE----- --6c2NcOVqGQ03X4Wi--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060809130842.GA7832>