Salvador Fandiño wrote:
On 12/22/2010 01:46 AM, Theo de Raadt wrote:
2010/12/21 Theo de Raadt<dera...@cvs.openbsd.org>:
HANG ON.
Go look at the function random_seed() in /usr/src/etc/rc
Then look at when it is called.
So, the current state of the PRNG will be preserved during reboots.
That statement is false.
Good.
No. You misread the code.
That gives some information about system entropy, which will be
"good" at all times, except for the very first boot of an
installation. See : rnd.c: randomwrite() -> add_entropy_words();
That part is true. But what you said earlier is false.
However, arc4_stir will still be called once after every reboot.
During its first call, the value of nanotime() will be placed at the
beginning of buf, which is then being used to init the rc4 context.
What else do you think we should use? Where do we invent entropy from
when the kernel has only been running for 0.01 of a second?
Could a random seed be patched into the kernel image at installation
time?
Admittedly this is not entropy, this is just a secret key, and anyone
with access to the machine would be able to read it, but from the
outside, especially considering that machines are not rebooted so often
(and when they are, it is usually for updating them), it would look
like real random data.
Now that it's amateur suggestion hour (no offense Salva), I'm going to
take a shot.
Would it be possible to use what randomness the system does have to seed
some reader that pseudo-randomly reads arbitrary bits from the loaded
kernel image in RAM?
This may differ per system, but doesn't uninitialized RAM start in an
"unknown state"? If so, could that be added to the entropy pool if it is
determined to be random (i.e. not initialized to zeros)?
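The two situations argued over in the thread, a first stir where nothing but nanotime() sits in buf and a stir that happens after a saved seed has already been written back into the pool, can be modelled side by side. What follows is an added example, not OpenBSD's rnd.c and not code from any of the posters. It assumes, as the thread states, that the stir keys an RC4 context from a buffer whose leading bytes are the timestamp; everything else is a constructed assumption: an 8-byte little-endian timestamp, 120 bytes of pool contents behind it, a discarded keystream prefix, a 1 ms clock granularity, a 2-second search window and the seed bytes themselves.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of an arc4_stir()-style reseed. NOT OpenBSD's rnd.c: the RC4
 * context is keyed from [nanotime || pool], where pool is whatever the
 * entropy pool holds at the time of the stir. */

#define POOL_BYTES 120
#define BUF_BYTES  (8 + POOL_BYTES)
#define SKIP_BYTES 1024      /* keystream prefix discarded after keying (assumed) */

typedef struct { uint8_t s[256]; uint8_t i, j; } rc4_ctx;

static void rc4_key(rc4_ctx *c, const uint8_t *key, size_t klen)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++) c->s[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + c->s[i] + key[i % klen]);
        uint8_t t = c->s[i]; c->s[i] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

static uint8_t rc4_byte(rc4_ctx *c)
{
    c->i++;
    c->j = (uint8_t)(c->j + c->s[c->i]);
    uint8_t t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

/* The modelled stir: key RC4 from [nanotime || pool] and emit outlen bytes. */
static void stir_and_emit(uint64_t nanotime, const uint8_t pool[POOL_BYTES],
                          uint8_t *out, size_t outlen)
{
    uint8_t buf[BUF_BYTES];
    for (int k = 0; k < 8; k++) buf[k] = (uint8_t)(nanotime >> (8 * k));
    memcpy(buf + 8, pool, POOL_BYTES);
    rc4_ctx c;
    rc4_key(&c, buf, sizeof buf);
    for (int k = 0; k < SKIP_BYTES; k++) (void)rc4_byte(&c);
    for (size_t k = 0; k < outlen; k++) out[k] = rc4_byte(&c);
}

/* Observer model: knows the boot timestamp lies on a grid of `count` values
 * starting at `base` with spacing `step`, and guesses the pool contents were
 * `pool_guess`. Returns the matching grid index, or -1 if no candidate
 * reproduces the observed output. */
static long find_nanotime(const uint8_t *observed, size_t n,
                          const uint8_t pool_guess[POOL_BYTES],
                          uint64_t base, uint64_t step, long count)
{
    uint8_t trial[32];
    if (n > sizeof trial) n = sizeof trial;
    for (long k = 0; k < count; k++) {
        stir_and_emit(base + (uint64_t)k * step, pool_guess, trial, n);
        if (memcmp(trial, observed, n) == 0) return k;
    }
    return -1;
}

/* Scenario A: nothing has been written to the pool yet (all zeros), so the
 * timestamp is the only thing keying the stir. Returns 1 when the observer
 * recovers the timestamp index from 16 bytes of output. */
int demo_empty_pool(void)
{
    uint8_t pool[POOL_BYTES] = {0};
    uint8_t seen[16];
    const uint64_t base = 1292979960ULL * 1000000000ULL; /* constructed boot second */
    const uint64_t step = 1000000ULL;                    /* assumed 1 ms clock granularity */
    const long truth = 731;                               /* constructed: 731 ms after base */
    stir_and_emit(base + (uint64_t)truth * step, pool, seen, sizeof seen);
    return find_nanotime(seen, sizeof seen, pool, base, step, 2000) == truth;
}

/* Scenario B: a saved seed has been written into the pool before the stir,
 * so the observer's zero-pool guess never matches over the same window.
 * Returns 1 when the search comes up empty. */
int demo_seeded_pool(void)
{
    uint8_t pool[POOL_BYTES], guess[POOL_BYTES] = {0};
    for (int k = 0; k < POOL_BYTES; k++)
        pool[k] = (uint8_t)(0x5a ^ (k * 37));             /* constructed seed bytes */
    uint8_t seen[16];
    const uint64_t base = 1292979960ULL * 1000000000ULL;
    const uint64_t step = 1000000ULL;
    stir_and_emit(base + 731ULL * step, pool, seen, sizeof seen);
    return find_nanotime(seen, sizeof seen, guess, base, step, 2000) == -1;
}

int main(void)
{
    printf("empty pool:  timestamp recovered = %d\n", demo_empty_pool());
    printf("seeded pool: timestamp recovered = %d\n", !demo_seeded_pool());
    return 0;
}
```

The point of the model is the ordering the thread turns on: the timestamp in buf is only the whole key when the pool behind it is empty, which is the very-first-boot case; once the seed file has been written back before the stir, the same 2000-candidate search finds nothing, and the timestamp is just extra input rather than the secret.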