On 28.05.2019 12:37, Petr Štetiar wrote:
> Rosen Penev <ros...@gmail.com> [2019-05-27 19:19:53]:
> 
> Hi,
> 
> > Tested this on both mt7621 and Turris Omnia. Works pretty well. Init
> > gets done fast.
> 
> thanks a lot for testing, can you please reply with your Tested-by next time
> so the patchwork could add this tag automatically to this patch?
> 
> > The Turris people might want something like this or they need to fix haveged
> > to run earlier.
> 
> I've been recommended haveged many times (by someone from nic.cz as well), so
> my initial idea was to simply give it a go and create uhaveged, but I quickly
> came to the conclusion that it won't work for OpenWrt for many reasons, which
> I've already forgotten, but I think it wasn't a truly multiplatform solution
> due to some compiler/assembly magic.
> 
> Then I simply found out that haveged is no longer considered good
> enough[1] by the security community:
> 
>   Also the use of `haveged` is recommended, which is a bad idea as this daemon
>   can create blocking situations during key generation effectively creating a
>   deadlock and thus security problems. haveged's design is from 2002, it has
>   never been audited, there're only papers by the original authors available.
> 
> Even Andre Seznec, one of the main HAVEGE authors, stated the following[2]:
> 
>   He also pointed out a security warning: with some VMs, the hardware cycles
>   counter is emulated and deterministic, and thus predictable[3]. He therefore
>   does not recommend using HAVEGE on those systems.
> 
> so I started looking at other options and, luckily enough, I found out about
> this KISS jitter RNG.
> 
> 1. https://lists.cert.at/pipermail/ach/2017-May/002251.html
> 2. https://github.com/BetterCrypto/Applied-Crypto-Hardening/commit/cf7cef7a870c1b77089b1bd6209ded6525b5a4e0#commitcomment-23006392
> 3. https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02
> 
> -- ynezz
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

works well on Atom 330

first boot

dmesg | grep random

before

[   29.043097] random: fast init done
[   76.467115] random: crng init done

after

[    0.000000] random: get_random_bytes called from start_kernel+0x6d/0x3df with crng_init=0

[    5.899674] random: jshn: uninitialized urandom read (4 bytes read)
[    5.933012] random: jshn: uninitialized urandom read (4 bytes read)
[    5.957578] random: jshn: uninitialized urandom read (4 bytes read)
[    6.969902] urandom_read: 4 callbacks suppressed
[    6.969907] random: jshn: uninitialized urandom read (4 bytes read)
[   10.043998] random: jshn: uninitialized urandom read (4 bytes read)
[   10.550301] random: mkfs.f2fs: uninitialized urandom read (16 bytes read)
[   11.420925] urandom-seed: Seed file not found (/etc/urandom.seed)
[   13.321222] random: crng init done

Regards

Tested-by: Lucian Cristian <lucian.crist...@gmail.com>


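The before/after dmesg comparison above can be automated. The script below is an added example, not code from this thread or from OpenWrt: it parses the kernel's random-subsystem messages to report when the CRNG became usable, which processes read from urandom before that point and how many bytes they got, and whether the kernel rate-limited some of those reports out of the log. The sample text is the 'after' log from this message.

```python
import re
from collections import Counter

# Sample dmesg text, taken from the 'after' log reported in this message.
DMESG_AFTER = """\
[    0.000000] random: get_random_bytes called from start_kernel+0x6d/0x3df with crng_init=0
[    5.899674] random: jshn: uninitialized urandom read (4 bytes read)
[    5.933012] random: jshn: uninitialized urandom read (4 bytes read)
[    5.957578] random: jshn: uninitialized urandom read (4 bytes read)
[    6.969902] urandom_read: 4 callbacks suppressed
[    6.969907] random: jshn: uninitialized urandom read (4 bytes read)
[   10.043998] random: jshn: uninitialized urandom read (4 bytes read)
[   10.550301] random: mkfs.f2fs: uninitialized urandom read (16 bytes read)
[   11.420925] urandom-seed: Seed file not found (/etc/urandom.seed)
[   13.321222] random: crng init done
"""

LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")
UNINIT_RE = re.compile(r"random: (?P<proc>[^:]+): uninitialized urandom read \((?P<n>\d+) bytes read\)")
SUPPRESSED_RE = re.compile(r"urandom_read: (?P<n>\d+) callbacks suppressed")


def analyze_random_init(dmesg):
    """Summarise kernel RNG bring-up from dmesg text: when fast/crng init
    finished, bytes each process read from urandom before the CRNG was seeded,
    reads the kernel rate-limited out of the log (so the per-process byte
    counts are a lower bound), and whether the urandom seed file was missing."""
    out = {"fast_init": None, "crng_init": None, "uninit_bytes": Counter(),
           "suppressed": 0, "seed_file_missing": False}
    for raw in dmesg.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a timestamped kernel line
        ts, msg = float(m.group("ts")), m.group("msg")
        uninit = UNINIT_RE.search(msg)
        suppressed = SUPPRESSED_RE.search(msg)
        if msg == "random: fast init done":
            out["fast_init"] = ts
        elif msg == "random: crng init done":
            out["crng_init"] = ts
        elif uninit:
            # bytes handed out before crng_init, keyed by process name
            out["uninit_bytes"][uninit.group("proc")] += int(uninit.group("n"))
        elif suppressed:
            out["suppressed"] += int(suppressed.group("n"))
        elif msg.startswith("urandom-seed: Seed file not found"):
            out["seed_file_missing"] = True
    return out
```

Run it against `dmesg` output from two boots to see whether the CRNG seeds earlier and whether any early consumer still reads urandom before "crng init done".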
