Re: /dev/random issue
On Thu, Oct 01, 2020 at 06:11:20PM +0200, Martin Husemann wrote:
> On Thu, Oct 01, 2020 at 05:57:12PM +0200, Manuel Bouyer wrote:
> > Source              Bits Type  Flags
> > /dev/random            0 ???   estimate, collect, v
> [..]
> > seed                   0 ???   estimate, collect, v
>
> No random number generator and you did not seed the machine.

I still firmly believe that the fan sensor, at least, should be counting
bits by default -- there is an obvious, random physical process (turbulence)
involved.

That's not likely to get you enough bits to move forward, though.

> On another machine with working random number generator (nearly all modernish
> amd64 machines have that) do:
>
>     dd if=/dev/random of=/tmp/file bs=32 count=1
>
> then scp the file over and dd it into /dev/random:
>
>     dd if=/tmp/file of=/dev/random bs=32 count=1
>
> This will be preserved across reboots, so it is a one-time only fix.
>
> Martin

--
Thor Lancelot Simon    t...@panix.com
"Whether or not there's hope for change is not the question. If you
want to be a free person, you don't stand up for human rights because
it will work, but because it is right." --Andrei Sakharov
Re: /dev/random issue
> Date: Thu, 1 Oct 2020 18:30:29 +0200
> From: Manuel Bouyer
>
> that doesn't explain why the other sources of entropy, which were working
> before, are not working any more.

They are working exactly as well as they did before. What is
different is that NetBSD is no longer lying to you about how much
entropy it can confidently assert is provided by the source.

See https://mail-index.NetBSD.org/current-users/2020/05/01/msg038495.html
for more information about the changes in the entropy subsystem since
netbsd-9.

There's a problem with Python which I'll go into in another message.

> > On another machine with working random number generator (nearly
> > all modernish amd64 machines have that) do:
> >
> >     dd if=/dev/random of=/tmp/file bs=32 count=1
> >
> > then scp the file over and dd it into /dev/random:
> >
> >     dd if=/tmp/file of=/dev/random bs=32 count=1
> >
> > This will be preserved across reboots, so it is a one-time only fix.
>
> OK. But how is it preserved across reboot? Where does the kernel store it?

The one step martin maybe should have added is:

    /etc/rc.d/random_seed stop

or

    rndctl -S /var/db/entropy-file

This has the effect of writing a seed to disk, and you only need to do
it once. When the machine next boots up, it will update the seed file
at the same time it loads the seed, so (barring a read-only root file
system) it will be maintained from boot to boot and won't be reused.

/etc/security will also update the seed file on a daily basis so any
entropy gathered during the boot will be periodically saved to disk
even if you don't shut down cleanly.
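The seeding procedure from the messages above, as an added example that is not part of any post in this thread and not NetBSD's own code: a sh wrapper around the same dd commands that refuses a seed shorter than 32 bytes (a single dd read may come back short), keeps the file owner-only, and deletes the transferred copy once it is loaded. The function names and the donor/target arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. SEED_BYTES matches the bs=32 count=1 used in the thread.
SEED_BYTES=32

# check_seed FILE: succeed only if FILE is a regular file of exactly SEED_BYTES.
check_seed() {
    [ -f "$1" ] || return 1
    size=$(( $(wc -c < "$1") ))      # arithmetic strips wc's padding
    [ "$size" -eq "$SEED_BYTES" ]
}

# make_seed SRC OUT: on the donor machine, read one block from SRC into OUT.
# The file is created under umask 077 because the seed is secret material.
make_seed() {
    src=$1 out=$2
    rm -f "$out"
    ( umask 077 && dd if="$src" of="$out" bs="$SEED_BYTES" count=1 2>/dev/null ) \
        || return 1
    check_seed "$out"
}

# load_seed FILE DEV: on the target machine, write the seed into DEV and
# remove the copy so the same bytes are not left on disk or fed in twice.
load_seed() {
    file=$1 dev=$2
    check_seed "$file" || { echo "refusing bad seed: $file" >&2; return 1; }
    dd if="$file" of="$dev" bs="$SEED_BYTES" count=1 2>/dev/null || return 1
    rm -f "$file"
}

# Hypothetical command-line interface:
#   donor  FILE  -> create FILE from /dev/random (then scp it over)
#   target FILE  -> load FILE, then save a seed to disk as described above
case "${1:-}" in
    donor)  make_seed /dev/random "$2" ;;
    target) load_seed "$2" /dev/random && rndctl -S /var/db/entropy-file ;;
esac
```
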
Re: /dev/random issue
    Date:        Thu, 1 Oct 2020 18:57:12 +0200
    From:        Manuel Bouyer
    Message-ID:  <20201001165712.ga1...@antioche.eu.org>

  | which, basically, means that one should not use reboot, halt or poweroff
  | any more ...

And of course, the system must never crash, hang, or suffer a power failure.

kre
Re: /dev/random issue
On Thu, 1 Oct 2020 18:57:12 +0200 Manuel Bouyer wrote:
> > > OK. But how is it preserved across reboot? Where does the kernel store
> > > it?
> >
> > Shutdown process will store a new seed file
>
> ha OK, so it's preserved on shutdown(8), not reboot(2)
>
> which, basically, means that one should not use reboot, halt or poweroff
> any more ...

The seed file also gets rewritten immediately after being loaded during
rc boot, so that an adversary that can trigger a power outage or reset
cannot trivially force a seed to be reused.

-Tobias
Re: /dev/random issue
On Thu, Oct 01, 2020 at 09:39:18AM -0700, Paul Goyette wrote:
> > > On another machine with working random number generator (nearly all
> > > modernish amd64 machines have that) do:
> > >
> > >     dd if=/dev/random of=/tmp/file bs=32 count=1
> > >
> > > then scp the file over and dd it into /dev/random:
> > >
> > >     dd if=/tmp/file of=/dev/random bs=32 count=1
> > >
> > > This will be preserved across reboots, so it is a one-time only fix.
> >
> > OK. But how is it preserved across reboot? Where does the kernel store it?
>
> Shutdown process will store a new seed file

ha OK, so it's preserved on shutdown(8), not reboot(2)

which, basically, means that one should not use reboot, halt or poweroff
any more ...

--
Manuel Bouyer
     NetBSD: 26 years of experience will always make the difference
--
Re: /dev/random issue
On Thu, Oct 01, 2020 at 06:30:29PM +0200, Manuel Bouyer wrote:
> that doesn't explain why the other sources of entropy, which were working
> before, are not working any more.

I'll let Taylor explain that in more detail (my own memorized management
summary: they used to lie and now don't - but this is a contended topic).

Martin
Re: /dev/random issue
> > On another machine with working random number generator (nearly all
> > modernish amd64 machines have that) do:
> >
> >     dd if=/dev/random of=/tmp/file bs=32 count=1
> >
> > then scp the file over and dd it into /dev/random:
> >
> >     dd if=/tmp/file of=/dev/random bs=32 count=1
> >
> > This will be preserved across reboots, so it is a one-time only fix.
>
> OK. But how is it preserved across reboot? Where does the kernel store it?

Shutdown process will store a new seed file

+--------------------+--------------------------+---------------------+
| Paul Goyette       | PGP Key fingerprint:     | E-mail addresses:   |
| (Retired)          | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com   |
| Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org |
+--------------------+--------------------------+---------------------+
Re: /dev/random issue
On Thu, Oct 01, 2020 at 06:11:20PM +0200, Martin Husemann wrote:
> On Thu, Oct 01, 2020 at 05:57:12PM +0200, Manuel Bouyer wrote:
> > Source              Bits Type  Flags
> > /dev/random            0 ???   estimate, collect, v
> [..]
> > seed                   0 ???   estimate, collect, v
>
> No random number generator and you did not seed the machine.

that doesn't explain why the other sources of entropy, which were working
before, are not working any more.

> On another machine with working random number generator (nearly all modernish
> amd64 machines have that) do:
>
>     dd if=/dev/random of=/tmp/file bs=32 count=1
>
> then scp the file over and dd it into /dev/random:
>
>     dd if=/tmp/file of=/dev/random bs=32 count=1
>
> This will be preserved across reboots, so it is a one-time only fix.

OK. But how is it preserved across reboot? Where does the kernel store it?

--
Manuel Bouyer
     NetBSD: 26 years of experience will always make the difference
--
Re: /dev/random issue
On Thu, Oct 01, 2020 at 05:57:12PM +0200, Manuel Bouyer wrote:
> Source              Bits Type  Flags
> /dev/random            0 ???   estimate, collect, v
[..]
> seed                   0 ???   estimate, collect, v

No random number generator and you did not seed the machine.

On another machine with working random number generator (nearly all modernish
amd64 machines have that) do:

    dd if=/dev/random of=/tmp/file bs=32 count=1

then scp the file over and dd it into /dev/random:

    dd if=/tmp/file of=/dev/random bs=32 count=1

This will be preserved across reboots, so it is a one-time only fix.

Martin
/dev/random issue
Hello,
I just got what looks like a /dev/random issue on HEAD.
A Python process, part of the glib2 build, hangs on entropy.
I have enabled all the possible sources but rndctl shows '0' for everything:

Source              Bits Type  Flags
/dev/random            0 ???   estimate, collect, v
uhid1                  0 tty   estimate, collect, v, t, dt
uhid0                  0 tty   estimate, collect, v, t, dt
ums0                   0 tty   estimate, collect, v, t, dt
ukbd0                  0 tty   estimate, collect, v, t, dt
wd0                    0 disk  estimate, collect, v, t, dt
cpu3                   0 vm    estimate, collect, v, t, dv
cpu2                   0 vm    estimate, collect, v, t, dv
cpu1                   0 vm    estimate, collect, v, t, dv
cpu0                   0 vm    estimate, collect, v, t, dv
re0                    0 net   estimate, collect, v, t, dt
aibs0--+12-Volt        0 power estimate, collect, v, t, dv, dt
aibs0--+5-Volta        0 power estimate, collect, v, t, dv, dt
aibs0--+3.3-Vol        0 power estimate, collect, v, t, dv, dt
aibs0-Vcore-Vol        0 power estimate, collect, v, t, dv, dt
aibs0-MB-Temper        0 env   estimate, collect, v, t, dv, dt
aibs0-CPU-Tempe        0 env   estimate, collect, v, t, dv, dt
aibs0-POWER-FAN        0 env   estimate, collect, v, t, dv, dt
aibs0-CHASSIS20          env   estimate, collect, v, t, dv, dt
aibs0-CHASSIS10          env   estimate, collect, v, t, dv, dt
aibs0-CPU-FAN-S        0 env   estimate, collect, v, t, dv, dt
system-power           0 power estimate, collect, v, t, dt
autoconf               0 ???   estimate, collect, t
seed                   0 ???   estimate, collect, v

This is kernel and userland from NetBSD-Daily/HEAD/202009281900Z/

Any idea?

--
Manuel Bouyer
     NetBSD: 26 years of experience will always make the difference
--