Date: Sun, 4 Apr 2021 15:28:13 +0000
From: Taylor R Campbell <riastr...@netbsd.org>
Message-ID: <20210404152814.3c56360...@jupiter.mumble.net>
| you can let NetBSD take care of it automatically
| on subsequent boots by running `/etc/rc.d/random_seed stop' to save a
| seed to disk.)

Is that file encrypted? If it is, where does the decryption key come from? If not, what prevents someone from reading (copying) the file from the system while it is stopped (accessing the storage device via other methods) and then knowing exactly what the seed is going to be when the system boots?

I think I'd prefer possibly insecure, but difficult to obtain from outside, like disk drive interrupt timing low-order bits, than that. Regardless of how unproven that method might be.

And what's the scheme for cheap low-end devices that have no writable storage? (The proverbial internet toaster, for example.)

Lastly, why would anyone presume that RDRAND generates less predictable bits (less predictable to someone who knows how it works) than any of the other methods that are used? After all, all the chips are more or less identical; what about them can absolutely guarantee unpredictable data (a very rare thing for computers), and how can anyone be certain that it has been correctly implemented without any bugs?

If we want really good security, I'd submit we need to disable the random seed file, and RDRAND (and anything similar), until we have proof that they're perfect.

Personally, I'm happy with anything that your average high school student is unlikely to be able to crack in an hour. I don't run a bank, or a military installation, and I'm not the NSA. If someone is prepared to put in the effort required to break into my systems, then let them; it isn't worth the cost to prevent that tiny chance. That's the same way that my house has ordinary locks - I'm sure they can be picked by someone who knows what they're doing, and better security is available, at a price, but a nice happy medium is what fits me best.

kre
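The seed-file question above (what a copy of the file taken from a stopped system tells an attacker) turns on whether the seed is the pool's only input. The toy model below, an added illustration and not NetBSD's implementation, mixes the seed file with whatever else the boot gathered and derives the replacement seed file before handing out any output; the `BootPool`, `mix` and `predictable_from_seed_copy` names are hypothetical.

```python
import hashlib
import secrets

def mix(*inputs: bytes) -> bytes:
    """Hash length-prefixed inputs together so distinct inputs cannot collide by concatenation."""
    h = hashlib.sha256()
    for chunk in inputs:
        h.update(len(chunk).to_bytes(4, "big") + chunk)
    return h.digest()

class BootPool:
    """Toy boot-time entropy pool (hypothetical model, not NetBSD's code)."""
    def __init__(self, seed_file: bytes, boot_entropy: bytes) -> None:
        # Pool state = seed file contents mixed with whatever the boot gathered
        # (interrupt timing, RDRAND, ...). boot_entropy = b"" models a device
        # whose only input is the seed file.
        self.state = mix(b"seed", seed_file, b"boot", boot_entropy)
        # The replacement seed file is derived before any output is handed out,
        # so a copy of the disk taken after this boot holds only a one-way
        # image of the pool, not the state that produced this boot's outputs.
        self.next_seed_file = mix(b"reseed", self.state)
        self.counter = 0

    def output(self, n: int = 32) -> bytes:
        self.counter += 1
        return mix(b"out", self.state, self.counter.to_bytes(8, "big"))[:n]

def predictable_from_seed_copy(boot_entropy: bytes) -> bool:
    """Given only a copy of the seed file, can the first boot output be reproduced?"""
    seed_file = secrets.token_bytes(32)  # constructed sample seed file
    real = BootPool(seed_file, boot_entropy)
    observed = real.output()
    # Someone holding just the seed-file copy replays the boot with no other input
    replay = BootPool(seed_file, b"")
    return replay.output() == observed

def seed_only_boot_is_predictable() -> bool:
    return predictable_from_seed_copy(b"")

def mixed_boot_is_predictable() -> bool:
    return predictable_from_seed_copy(secrets.token_bytes(32))

def next_seed_file_differs() -> bool:
    seed_file = secrets.token_bytes(32)
    pool = BootPool(seed_file, b"")
    return pool.next_seed_file != seed_file and pool.next_seed_file != pool.state

if __name__ == "__main__":
    print("seed file as sole input, copy predicts boot:", seed_only_boot_is_predictable())
    print("seed file mixed with boot entropy, copy predicts boot:", mixed_boot_is_predictable())
```

The point of the model is the first case: with no other input, the seed file copy reproduces the boot exactly, which is why a seed file is a supplement to other sources rather than a replacement for them.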