On Mon, Sep 10, 2012 at 01:02:45PM -0700, Doug Barton wrote: > > I was exaggerating a bit - but my reasoning was that since it hasn't > > blown up in our faces yet, it's probably subtle enough to require a > > large number of samples. > > > If I were Arthur, here is how I would test the "replay attack" assertion: > > 1. Install a virgin system with everything as it was before David's > first commit, and let it run for 24 hours with all the defaults intact. > Ideally, have it do something over the network periodically to make sure > that some kind of entropy is harvested from the network drivers. Run > 'find / -name SASLKASDJKL' to make sure you get some from the disk > drivers too. > 2. Disable the cron job for the /var/db/entropy script, and comment out > the writing of /entropy at shutdown time in /etc/rc.d/random. > 3. Write a script to reboot, and once the system is fully booted do 'dd > if=/dev/random of=saved-random-out.$i count=4096' then reboot again > immediately. Values of i from 1 to 10,000 ought to do it. > 4. sha256 the saved-random-out files and see how many duplicates there are.
This test doesn't prove anything useful for the reason des@ outlined. To summarize, I have provided my findings and reasoning multiple times. I've sent a separate report with pointers to problematic code of how entropy is consumed by yarrow to secteam@. You keep asking for empirical proof of my claims. There are two claims that I make: 1) entropy isn't fully consumed by yarrow all the time - for this I have empirical proof. 2) reusing entropy seeds is a bad thing - for this I don't have empirical proof. But I have Bruce Schneier's word. Take it or leave it. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
