On Sun, 02 Sep 2012 15:20:31 -0700
Doug Barton wrote:
> On 08/22/2012 11:43, David E. O'Brien wrote:
> > Author: obrien
> > Date: Wed Aug 22 18:43:21 2012
> > New Revision: 239569
> > URL: http://svn.freebsd.org/changeset/base/239569
> >
> > Log:
> > Remove old entropy seeding after consumption
> > initializing /dev/random PRNG. Not doing so opens us up to replay
> > attacks.
>
> I object to this change, and would like to see it discussed more.
No entropy file is effectively equivalent to a known file and anything
is better than that. Simply writing out a new version of /entropy
would be better.
The more significant problem is that initrandom dumps some very
low-grade entropy into /dev/random before the entropy file (see below).
Since /dev/random has very limited buffering, and processes the buffers
in a timed loop, it's almost certain that the first entropy file is
completely discarded. IMO the order should be reversed or the low-grade
stuff should be piped through sha256.
# XXX temporary until we can improve the entropy
# harvesting rate.
# Entropy below is not great, but better than nothing.
# This unblocks the generator at startup
( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
| dd of=/dev/random bs=8k 2>/dev/null
cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
# First pass at reseeding /dev/random.
#
case ${entropy_file} in
[Nn][Oo] | '')
;;
*)
if [ -w /dev/random ]; then
feed_dev_random "${entropy_file}"
fi
;;
esac
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
