Web lists-archives.com

Re: FYI/RFC: early-rng-init-tools




On Mon, 2019-02-25 at 16:48 +0000, Thorsten Glaser wrote:
> Ben Hutchings dixit:
> 
> >>     ‣ writes between 32 and 256 bytes to /dev/urandom (but does not
> >>       accredit them yet, just remembers the amount written)
> >
> >How do you determine the number of bytes here?
> 
> 32 + arc4random_uniform(256 - 32 + 1)

OMG.  Don't randomise the length.

[...]
> If the postinst (first time 1024 bits get written into
> the seed file), cronjob (where the seed file is mixed
> with another 128/192 bit from the kernel), shutdown
> (where 512 bits in the seedfile are overwritten with
> 512 fresh bits from /dev/urandom) do not have entropy
> enough, you have a different problem.
[...]

Yes, but your implementation fails open in that case.  In early boot
you should remove the seed file rather than creating it with
insufficient entropy.

To refresh the seed file, you should start a service at boot that does
a blocking read from /dev/random (not /dev/urandom).  Possibly it
should sleep a few minutes or have dependencies that prevent it from
taking away entropy from other services.

I don't see the point of doing this repeatedly in a cron job.  And you
can't do it properly at shutdown since you shouldn't block then.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption]
would be development of an easy way to factor large prime numbers.
                                                           - Bill Gates


Attachment: signature.asc
Description: This is a digitally signed message part