On 25 Dec 2013, at 02:04, Xin Li <delp...@delphij.net> wrote:
> No, we are not talking about removing /var/db/entropy.  What I am
> proposing to do is to disable entropy savings from jails.  Here is why:
> The way a PRNG works is that it uses one or many entropy sources to
> "feed" its internal state, and generate a series of pseudo-random
> numbers from the internal state via a PRF.
> FreeBSD collects entropy from several sources: Ethernet, interrupts,
> software interrupts, etc., as well as hardware RNG that is available
> to the system, and use all these entropy to derive the internal state
> of its PRNG.
> When reading from /dev/random, one essentially consumes entropy that
> is fed into the random device, and eventually it would cause a reseed.
> In an ideal world, we would want this to be less predicable and
> controllable from a potential attacker.

So far so good. :-)

> Normal applications tends to read /dev/random in small bites, and do
> so in a discrete and nearly random manner, assuming we have a lot of
> processes running.  Saving entropy, on the other hand, happen in
> larger chunks at a determined time.  With multiple jails running, one
> would have a lot of big chunk reads from the /dev/random device,
> making its behavior more deterministic, which could have bad consequences.

I doubt it goes as far as “bad”, but it certainly does no good.

I would support the notion of not caching entropy in jails IFF this
didn’t leak out and prevent harvesting in the jail’s host AND this
gave a noticeable simplification of script code.

Mark R V Murray

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to