Date: Thu, 26 Oct 2000 12:49:47 -0700 (PDT) From: Doug Barton <DougB@gorean.org> To: John Baldwin <jhb@FreeBSD.org> Cc: Rod Taylor <rbt@zort.on.ca>, markm@FreeBSD.org, current@FreeBSD.org Subject: Re: entropy reseeding is totally broken Message-ID: <Pine.BSF.4.21.0010261218110.15371-100000@dt051n37.san.rr.com> In-Reply-To: <XFMail.001026110634.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 26 Oct 2000, John Baldwin wrote:
> > How about when I hit the reset button? That case SHOULD be taken care
> > of too! Would it not be possible to sample /dev/random to store the
> > entropy every hour or so that the system runs? Atleast that way you
> > would be guarenteed to have something.
>
> And if a malicious user on your machine grabs the saved entropy file
> and then reboots your machine using some exploit of some sort? Granted
> neither of these tasks may be easy, and it could be done in such a way
> that the first requires root access.
I stated this same objection until I actually attended Mark's
presentation at the 'con. The yarrow algorithm uses an encrypted hash for
the entropy on the way in, and encrypts the output on the way out. This
would make it extremely difficult to guess the state at reboot, even if we
weren't picking up new entropy sources during the boot process.
Pending Mark's approval, I'd like to suggest we add a cron job to
dump X k of data from /dev/random to a file (/boot/.periodic_entropy
maybe?) and use that, AND ${entropy_file:/var/db/entropy} to reseed at
boot, and only do the "long, annoying" failover process if neither file
exists. The only remaining questions would be how many k of data to dump
how often.
Doug
--
"The dead cannot be seduced."
- Kai, "Lexx"
Do YOU Yahoo!?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010261218110.15371-100000>