https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222807
Bug ID: 222807
Summary: PURE entropy sources are harvested but not mixed in.
Also, min-entropy low per SP800-90B measurements
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: badfilema...@gmail.com
Created attachment 186932
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=186932&action=edit
patche that enable "pure" entropy sources such as RDRND to actually be mixed
At vBSDCon, JMG and I co-presented a talk on an entropy analysis and audit on
/dev/random that we conducted out of mutual interest. In the course of our
work, we found the following:
* so-called "PURE" sources of entropy, such as RDRND on Intel chips, are
harvested however the results of the harvest are never mixed in due to the
harvest mask bit never being set, with no way to set it.
* Conducting an SP800-90B entropy analysis on the non-IID track for
non-whitened entropy (the data fed into randomdev_hash_iterate, essentially),
min-entropy is rather low because of a) the trng sources weren't being mixed,
and b) there is a lot of repeat and predictable garbage that is of no value in
the harvest_event structure, especially for events with only 4 bytes worth of
data from their source in the he_entropy field.
Attached are patches which correct these two issues. They are from work done
downstream with the HardenedBSD team and have been tested.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
