Hi, intrigeri: > Jurre: >> Some of us have been working on creating a blueprint discussing certains >> questions related to randomness in Tails.
> FTR it looks like: > - The blueprint needs an update to take #15292 into account. > - The current status on #11897 is "We still have to discuss this". > So I don't think this blueprint currently has an up-to-date proposal > that's ready to be reviewed or discussed. If I got it wrong, please > let me know :) A year later, I've updated that blueprint¹. Main changes: - Correctly reflect the currently supported methods for installing and running Tails. - Mention the solutions that kurono and segfault have been working on. - Mark as obsolete a proposed solution that was superseded by a better one for which we have actual code. It made me realize that we've gotten somewhat stuck in a process that has become obsolete. The initial goal of #11898 + this ticket + this thread was to generate a document and proposals that we could get audited by knowledgeable folks. I believe that's because back then, we envisioned a novel, Tails-specific solution. But it turns out that we don't really need to invent any wheel here: kurono and segfault wrote code that demonstrates we have two ways to simply implement what's commonly accepted as best practice (i.e. what most other operating systems do): #11897. Some implementation details differ (e.g. where exactly the persistent seed is stored) but that's not particularly relevant from a security design standpoint, and I don't think the original goal of this process is still relevant: at this point, I don't really see what we would need to ask the crypto community. I'm going to update Redmine so it reflects my understanding of where we're at now. If I got any of this wrong, I'll be happy to stand corrected. I expect we'll reuse quite some bits of the blueprint when updating the design doc for #11897, so thanks a lot to everyone who did the research and the writing! And it'll still be useful if we can get skilled folks to review the actual implementation: a well established security design can be erroneously implemented. [1] https://tails.boum.org/blueprint/randomness_seeding/ Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.