At Sun, 4 Apr 2021 23:09:18 +0000, Taylor R Campbell <riastr...@netbsd.org> wrote: Subject: Re: regarding the changes to kernel entropy gathering > > If you know this (and this is something I certainly can't confidently > assert!), you can write 32 bytes to /dev/random, save a seed, and be > done with it.
I don't have random data easily available at install time.
I don't have random data easily available every time I boot a machine
with non-persistent storage (e.g. a test ISO image).
I _do_ trust well enough the sources of randomness in some device
drivers to provide me with a secure enough amount of entropy, for my
purposes.
And so with my fix(es) I don't need to feed supposedly random data to
every system on every install and/or every reboot.
What's worse? My fixes, or something like this in /etc/rc.local:
echo -n "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" > /dev/random
> But users who don't go messing around with obscure rndctl settings in
> rc.conf will be proverbially shot in the foot by this change -- except
> they won't notice because there is practically guaranteed to be no
> feedback whatsoever for a security disaster until their systems turn
> up in a paper published at Usenix like <https://factorable.net/>.
You're really stretching your argument thinly if you are assuming
everyone _needs_ perfect entropy here.
Also, that's only if the default RND_FLAG_ESTIMATE_* bits are turned off.
AND only if the system doesn't have some true hardware RNG.
> What your change does is equivalent to going around to every device
> driver that previously said `this provides zero entropy, or I don't
> know how much entropy it provides' and replacing that claim by `this
> is a sample of an independent and perfectly uniform random string of
> bits', which is a much stronger (and falser) claim than even the old
> `entropy estimation' confabulation that NetBSD used to do.
No, only if the default RND_FLAG_ESTIMATE_* bits are ***NOT*** turned off.
AND only if the user is like me and stuck with some poor second-grade
ancient hardware that doesn't have some fancy new true hardware RNG.
In the mean time a more productive approach would be to figure out
what's best for those of us who don't need perfection every time and/or
to fix those device drivers that could feed sufficiently random data to
the entropy pool, and then to recommend a suitable value for
rndctl_flags in /etc/rc.conf.
--
Greg A. Woods <gwo...@acm.org>
Kelowna, BC +1 250 762-7675 RoboHack <wo...@robohack.ca>
Planix, Inc. <wo...@planix.com> Avoncote Farms <wo...@avoncote.ca>
pgp1Of0SebF9S.pgp
Description: OpenPGP Digital Signature
