On Sun, 2014-11-02 at 09:45 +0000, Mark R V Murray wrote: > Hi DES, > > I’m scared witless of this being on-by-default, for the reason given in the > removed comment. I’d much prefer to see it only turned on if a kernel option > is set, and the embedded folks /et al/ can use that. > > Please reinstate the #ifdef RANDOM_AUTOSEED, and set a kernel option to turn > it on. Please also leave the comment; summarily turning on an unprepared > generator is not going to be obvious to anyone but an attacker. > > Moving the point of the auto-firstseed to where is good, thanks. > > M >
To give you some idea of how usable this new stuff is on a system that isn't an x86 server or someone's desktop or laptop... after commenting out the postrandom so that a board would at least boot (but before DES' resend change), I left a board sitting idle at the login prompt. It was somewhere between 40 minutes and an hour before I saw this: FreeBSD/arm (rpi) (ttyu0) login: random: reseed - fast - thresh 96,1 - 0 48 0 0 0 130 0 0 620 0 0 0 0 0 0 0 0 0 0 0 random: reseed - slow - thresh 128,2 - 0 44 0 0 0 130 0 0 619 0 0 0 0 0 0 0 0 0 0 0 random: unblocking device. Securing a system against some theoretical attack has value only to the point where the system is no longer usable at all. At that point you kind of have to declare the attacker the winner, and he didn't even have to actually launch an attack. -- Ian > > On 2 Nov 2014, at 02:01, Dag-Erling Smørgrav <d...@freebsd.org> wrote: > > > > Author: des > > Date: Sun Nov 2 02:01:55 2014 > > New Revision: 273958 > > URL: https://svnweb.freebsd.org/changeset/base/273958 > > > > Log: > > Restore the auto-reseed logic, but move it to a much later point, > > immediately before kick_init. > > > > Approved by: so (self) > > > > Modified: > > head/sys/dev/random/random_adaptors.c > > head/sys/dev/random/yarrow.c > > > > Modified: head/sys/dev/random/random_adaptors.c > > ============================================================================== > > --- head/sys/dev/random/random_adaptors.c Sun Nov 2 01:47:27 2014 > > (r273957) > > +++ head/sys/dev/random/random_adaptors.c Sun Nov 2 02:01:55 2014 > > (r273958) > > @@ -447,30 +447,8 @@ random_adaptors_deinit(void) > > } > > > > /* > > - * First seed. > > - * > > - * NB! NB! NB! > > - * NB! NB! NB! > > - * > > - * It turns out this is bloody dangerous. I was fiddling with code > > elsewhere > > - * and managed to get conditions where a safe (i.e. seeded) entropy device > > should > > - * not have been possible. This managed to hide that by unblocking the > > device anyway. > > - * As crap randomness is not directly distinguishable from good > > randomness, this > > - * could have gone unnoticed for quite a while. > > - * > > - * NB! NB! NB! > > - * NB! NB! NB! > > - * > > - * Very luckily, the probe-time entropy is very nearly good enough to > > cause a > > - * first seed all of the time, and the default settings for other entropy > > - * harvesting causes a proper, safe, first seed (unblock) in short order > > after that. > > - * > > - * That said, the below would be useful where folks are more concerned with > > - * a quick start than with extra paranoia in a low-entropy environment. > > - * > > - * markm - October 2013. > > + * Reseed the active adaptor shortly before starting init(8). > > */ > > -#ifdef RANDOM_AUTOSEED > > /* ARGSUSED */ > > static void > > random_adaptors_seed(void *unused __unused) > > @@ -484,6 +462,5 @@ random_adaptors_seed(void *unused __unus > > > > arc4rand(NULL, 0, 1); > > } > > -SYSINIT(random_seed, SI_SUB_INTRINSIC_POST, SI_ORDER_LAST, > > - random_adaptors_reseed, NULL); > > -#endif /* RANDOM_AUTOSEED */ > > +SYSINIT(random_seed, SI_SUB_KTHREAD_INIT, SI_ORDER_FIRST, > > + random_adaptors_seed, NULL); > > > > Modified: head/sys/dev/random/yarrow.c > > ============================================================================== > > --- head/sys/dev/random/yarrow.c Sun Nov 2 01:47:27 2014 > > (r273957) > > +++ head/sys/dev/random/yarrow.c Sun Nov 2 02:01:55 2014 > > (r273958) > > @@ -508,7 +508,9 @@ void > > random_yarrow_reseed(void) > > { > > > > + mtx_lock(&random_reseed_mtx); > > reseed(SLOW); > > + mtx_unlock(&random_reseed_mtx); > > } > > > > int > > > _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
