On 25 Dec 2013, at 02:04, Xin Li <delp...@delphij.net> wrote:

> No, we are not talking about removing /var/db/entropy. What I am
> proposing to do is to disable entropy savings from jails. Here is why:
>
> The way a PRNG works is that it uses one or many entropy sources to
> "feed" its internal state, and generates a series of pseudo-random
> numbers from the internal state via a PRF.
>
> FreeBSD collects entropy from several sources: Ethernet, interrupts,
> software interrupts, etc., as well as hardware RNG that is available
> to the system, and uses all this entropy to derive the internal state
> of its PRNG.
>
> When reading from /dev/random, one essentially consumes entropy that
> is fed into the random device, and eventually it would cause a reseed.
> In an ideal world, we would want this to be less predictable and
> controllable from a potential attacker.
So far so good. :-)

> Normal applications tend to read /dev/random in small bites, and do
> so in a discrete and nearly random manner, assuming we have a lot of
> processes running. Saving entropy, on the other hand, happens in
> larger chunks at a determined time. With multiple jails running, one
> would have a lot of big chunk reads from the /dev/random device,
> making its behavior more deterministic, which could have bad consequences.

I doubt it goes as far as “bad”, but it certainly does no good.

I would support the notion of not caching entropy in jails IFF this
didn’t leak out and prevent harvesting in the jail’s host AND this gave
a noticeable simplification of script code.

M
-- 
Mark R V Murray
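As an added illustration of the proposal Xin Li describes above (disable entropy saving when the script runs inside a jail), here is a small entropy-saving script with that check. It is example code written for this page; it is not FreeBSD's own save-entropy script and was not posted by anyone in the thread. It assumes the jail test can use the FreeBSD sysctl security.jail.jailed (1 inside a jail, 0 on the host); the directory name, number of rotated files and read size are illustrative choices, and the rotation scheme is a generic one rather than FreeBSD's.

```sh
#!/bin/sh
# Added example; not FreeBSD's save-entropy script and not from the thread.
# Shape of the proposal: rotate saved entropy files and read one block from
# /dev/random, but do nothing at all when running inside a jail.
# Assumed (not stated in the thread): the jail test uses the FreeBSD sysctl
# security.jail.jailed; directory layout, file count and block size are
# illustrative.

# jailed: print 1 when security.jail.jailed reports a jail, 0 otherwise
# (including systems where that sysctl does not exist at all).
jailed() {
    v=$(sysctl -n security.jail.jailed 2>/dev/null) || v=0
    case "$v" in
        1) echo 1 ;;
        *) echo 0 ;;
    esac
}

# save_entropy SRC DIR FILES BYTES JAILED
# Rotate DIR/saved-entropy.1 .. saved-entropy.FILES (the oldest falls off)
# and write BYTES bytes read from SRC into saved-entropy.1.
# Returns 0 on success, 2 when JAILED is 1 (nothing is read or written:
# the jail's run would only be one more large, scheduled read from
# /dev/random, which is the thread's objection).
save_entropy() {
    src=$1 dir=$2 files=$3 bytes=$4 jailed=$5
    if [ "$jailed" = 1 ]; then
        return 2
    fi
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    n=$files
    while [ "$n" -gt 1 ]; do
        prev=$((n - 1))
        if [ -f "$dir/saved-entropy.$prev" ]; then
            mv "$dir/saved-entropy.$prev" "$dir/saved-entropy.$n"
        fi
        n=$prev
    done
    # Saved entropy must not be readable by other users: create it 0600.
    ( umask 077 && dd if="$src" of="$dir/saved-entropy.1" \
        bs="$bytes" count=1 2>/dev/null )
}

# Stand-alone run ("sh script.sh run"): save 4096 bytes into ./entropy-demo
# unless this process is inside a jail.
if [ "${1:-}" = run ]; then
    save_entropy /dev/random ./entropy-demo 8 4096 "$(jailed)"
fi
```

The jail check is deliberately a separate function so the caller decides what "jailed" means; on the host it would be wired to cron exactly as before, and inside a jail the script returns without touching /dev/random, which is the simplification Mark is asking about.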