atom feed55 messages in org.freebsd.freebsd-currentRe: entropy reseeding is totally broken
FromSent OnAttachments
Андрей ЧерновOct 19, 2000 9:48 pm 
Udo SchweigertOct 19, 2000 10:57 pm 
Андрей ЧерновOct 19, 2000 11:39 pm 
Андрей ЧерновOct 19, 2000 11:51 pm 
Doug BartonOct 20, 2000 1:18 am 
Андрей ЧерновOct 20, 2000 9:27 am 
Андрей ЧерновOct 20, 2000 9:43 am 
Mark MurrayOct 20, 2000 10:06 am 
Андрей ЧерновOct 20, 2000 1:13 pm 
Warner LoshOct 24, 2000 11:15 am 
Terry LambertOct 25, 2000 3:35 am 
Андрей ЧерновOct 25, 2000 3:50 am 
Mark MurrayOct 25, 2000 10:37 am 
Андрей ЧерновOct 25, 2000 11:12 am 
Wesley MorganOct 25, 2000 2:15 pm 
Mark MurrayOct 25, 2000 3:12 pm 
John W. De BoskeyOct 25, 2000 4:20 pm 
Wesley MorganOct 25, 2000 4:50 pm 
Mark MurrayOct 25, 2000 5:01 pm 
Doug BartonOct 25, 2000 9:28 pm 
Ed HallOct 26, 2000 12:30 am 
David O'BrienOct 26, 2000 12:50 am 
Андрей ЧерновOct 26, 2000 1:47 am 
Kris KennawayOct 26, 2000 2:17 am 
Kris KennawayOct 26, 2000 2:21 am 
Андрей ЧерновOct 26, 2000 2:54 am 
Андрей ЧерновOct 26, 2000 3:01 am 
Rod TaylorOct 26, 2000 3:30 am 
Андрей ЧерновOct 26, 2000 3:34 am 
Jordan HubbardOct 26, 2000 5:20 am 
John W. De BoskeyOct 26, 2000 6:24 am 
Matt DillonOct 26, 2000 9:55 am 
Mark MurrayOct 26, 2000 10:06 am 
Mark MurrayOct 26, 2000 10:17 am 
John BaldwinOct 26, 2000 11:06 am 
Андрей ЧерновOct 26, 2000 11:36 am 
Terry LambertOct 26, 2000 12:04 pm 
Mark MurrayOct 26, 2000 12:39 pm 
Doug BartonOct 26, 2000 12:49 pm 
David O'BrienOct 26, 2000 1:26 pm 
Mark MurrayOct 26, 2000 1:29 pm 
Matt DillonOct 26, 2000 1:47 pm 
Mark MurrayOct 26, 2000 2:02 pm 
Ed HallOct 26, 2000 2:03 pm 
Matt DillonOct 26, 2000 2:25 pm 
Doug BartonOct 26, 2000 2:44 pm 
Poul-Henning KampOct 26, 2000 2:51 pm 
Wesley MorganOct 26, 2000 3:07 pm 
David O'BrienOct 26, 2000 3:15 pm 
Poul-Henning KampOct 26, 2000 3:18 pm 
Jim BryantOct 26, 2000 3:29 pm 
Mark MurrayOct 26, 2000 3:56 pm 
Doug BartonOct 26, 2000 9:00 pm 
Terry LambertOct 27, 2000 5:19 pm 
Doug BartonOct 27, 2000 7:18 pm 
Subject:Re: entropy reseeding is totally broken
From:Matt Dillon (dil@earth.backplane.com)
Date:Oct 26, 2000 9:55:38 am
List:org.freebsd.freebsd-current

:In real life, machines don't always get rebooted in a completely :controlled fashion (panic, power failure, etc.). Anything that :makes a reboot longer or less reliable is a definite non-starter. : :I can guarantee you, if the current /dev/random code isn't fixed before :it makes STABLE, folks running servers 24/7 are going to rip it right :out. : : -Ed

I don't understand why /dev/random has to be reseeded with so many bytes in the first place... 64 or 128 bytes ought to do it, and if they don't then there is something fundamentally wrong with /dev/random that needs to be addressed. The proper way to address is NOT to try to push a larger seed into it. Hell, a *4* byte reseeding should generate sufficient randomness for our purposes (though obviously it is not cryptographically secure enough).

I am certainly not willing to wait more then 500ms on boot for /dev/random to seed, and I doubt very many other people would be either.

In regards to 'reboot' verses 'shutdown' ... the solution here is simple: don't try to save the random seed from the shutdown script. I would argue that the very *LAST* thing you want to do when shutting a machine down is start writing out files. And, frankly, depending on people using 'shutdown' is silly since most people run their machines either until they drop, or use 'reboot' rather then 'shutdown'.

The solution is to deal with entropy at boot time, and also regenerate the file from /etc/periodic/daily.

At boot time you do this:

* load the entropy file (128 bytes is plenty!) * fold in the current time (including microseconds) * fold in the "/" directory's mtime * fold in some junk from /var/log and dmesg. * save the entropy file * done.

From /etc/periodic/daily you do this:

* generate a random number * store it as the entropy file (128 bytes is plenty!)

-Matt

To Unsubscribe: send mail to majo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message