Re: Randomness using computers



On 2011-01-12, unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> On 2011-01-12, Ilmari Karonen <usenet2@xxxxxxxxxxxxxx> wrote:
>
>> ...and if /dev/urandom blocked until the entropy pool was seeded, you
>> could actually count on https not starting (or at least not generating
>> keys) before enough entropy was collected.
>
> And nothing else starting either, as the computer sat there as a cold
> lump of metal. Nor could you correct for the lack of "entropy" since the
> computer did not work.

You seem to be under the impression that computers have to perform
their startup tasks sequentially, and cannot defer or skip tasks that
fail for some reason.

Of course, if the computer, say, only accepts user input via ssh, only
gets entropy from user input, and is unable to start sshd due to lack
of entropy for host key generation, then there may be a problem. I
still don't think making the system silently generate an insecure host
key is the right way to solve that problem.

As a matter of fact, I came across a report of that very problem
happening with a bunch of remote servers automatically booted from a
cloned disk image of FreeBSD, whose /dev/urandom apparently does
behave as I suggested it should (and is actually a symlink to
/dev/random, which otherwise behaves like urandom on Linux). The
solution found in that case was apparently to keep pinging the
server(s) until they'd collected enough entropy from network timings.

An alternative solution suggested was to preload the disk image with a
saved RNG state; even if having each server start with the same seed
would've been less than ideal from a security viewpoint, it at least
would've let them boot up and would still have been better than no
seeding at all. Of course, the best solution would've been to equip
the servers with hardware RNGs.

Here's the thread, if you're curious:
http://lists.freebsd.org/pipermail/freebsd-security/2006-August/003921.html

--
Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.
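The cloned-image failure mode and the saved-seed workaround discussed in the post above, modelled as an added example (not code from the thread, FreeBSD or Linux): the image seed, the per-host inputs and the HMAC-based generator are constructed stand-ins for a real kernel RNG, and the function names are this example's own.

```python
import hashlib
import hmac

# Constructed example values: a seed baked into a cloned disk image and
# per-host inputs a booting server could mix in. None of this is from the thread.
IMAGE_SEED = bytes(range(32))


def derive_seed(saved_seed: bytes, *per_host_inputs: bytes) -> bytes:
    """Combine the saved seed with per-host inputs using HMAC-SHA256 as a
    simple extractor; length prefixes keep the inputs unambiguous."""
    mac = hmac.new(saved_seed, digestmod=hashlib.sha256)
    for item in per_host_inputs:
        mac.update(len(item).to_bytes(4, "big") + item)
    return mac.digest()


def drbg_output(seed: bytes, label: bytes, nbytes: int) -> bytes:
    """Toy deterministic generator: HMAC-SHA256 in counter mode over the seed.
    Different labels yield independent output streams from one seed."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(seed, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


def boot_host(saved_seed: bytes, per_host_inputs: list) -> tuple:
    """Model of a first boot: derive the working seed, produce a replacement
    seed (to be written over the seed file *before* any key is generated, so
    the same saved seed is never consumed twice), then generate a host key."""
    seed = derive_seed(saved_seed, *per_host_inputs)
    next_seed = drbg_output(seed, b"next-seed", 32)
    host_key = drbg_output(seed, b"host-key", 32)
    return host_key, next_seed


def cloned_images_collide() -> bool:
    """Two clones booting from the same image with nothing host-specific
    mixed in derive identical host keys: the failure mode in the thread."""
    key_a, _ = boot_host(IMAGE_SEED, [])
    key_b, _ = boot_host(IMAGE_SEED, [])
    return key_a == key_b


def host_specific_inputs_separate() -> bool:
    """Mixing in per-host data makes the keys distinct. A MAC address and boot
    time are guessable, so this only prevents collisions; secrecy still needs
    real entropy (a hardware RNG, or waiting for the pool to fill)."""
    key_a, _ = boot_host(IMAGE_SEED, [b"mac=00:11:22:33:44:55", b"boot_ns=1294876800123"])
    key_b, _ = boot_host(IMAGE_SEED, [b"mac=00:11:22:33:44:66", b"boot_ns=1294876800456"])
    return key_a != key_b
```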