lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Sep 2019 23:38:33 +0200
From:   Martin Steigerwald <martin@...htvoll.de>
To:     "Ahmed S. Darwish" <darwish.07@...il.com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Lennart Poettering <mzxreary@...inter.de>,
        "Theodore Y. Ts'o" <tytso@....edu>, Willy Tarreau <w@....eu>,
        Matthew Garrett <mjg59@...f.ucam.org>,
        Vito Caputo <vcaputo@...garu.com>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
        William Jon McCann <mccann@....edu>,
        "Alexander E. Patrakov" <patrakov@...il.com>,
        zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
        lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8

Ahmed S. Darwish - 17.09.19, 22:52:34 CEST:
> On Tue, Sep 17, 2019 at 10:28:47PM +0200, Martin Steigerwald wrote:
> [...]
> 
> > I don't have any kernel logs old enough to see whether whether crng
> > init times have been different with Systemd due to asking for
> > randomness for UUID/hashmaps.
> 
> Please stop claiming this. It has been pointed out to you, __multiple
> times__, that this makes no difference. For example:
> 
>     https://lkml.kernel.org/r/20190916024904.GA22035@mit.edu
> 
>     No. getrandom(2) uses the new CRNG, which is either initialized,
>     or it's not ... So to the extent that systemd has made systems
>     boot faster, you could call that systemd's "fault".
> 
> You've claimed this like 3 times before in this thread already, and
> multiple people replied with the same response. If you don't get the
> paragraph above, then please don't continue replying further on this
> thread.

First off, this mail you referenced has not been an answer to a mail of 
mine. It does not have my mail address in Cc. So no, it has not been 
pointed out directly to me in that mail.

Secondly: Pardon me, but I do not see how asking for entropy early at 
boot times or not doing so has *no effect* on the available entropy¹. And 
I do not see the above mail actually saying this. To my knowledge 
Sysvinit does not need entropy for itself². The above mail merely talks 
about the blocking on boot. And whether systemd-random-seed would drain 
entropy, not whether hashmaps/UUID do. And also not the effect that 
asking for entropy early has on the available entropy and on the 
*initial* initialization time of the new CRNG. However I did not claim 
that Systemd would block booting. *Not at all*.

Thirdly: I disagree with the tone you use in your mail. And for that 
alone I feel it may be better for me to let go of this discussion.

My understanding of entropy always has been that only a certain amount 
of it can be produced in a certain amount of time. If that is wrong… 
please by all means, please teach me, how it would be.

However I am not even claiming anything. All I wrote above is that I do 
not have any measurements. But I'd expect that the more entropy is asked 
for early during boot, the longer the initial initialization of the new 
CRNG will take. And if someone else relies on this initialization, that 
something else would block for a longer time.

I got that it the new crng won't block after that anymore.

[1] https://github.com/systemd/systemd/issues/4167

(I know that it still with /dev/urandom, so if it is using RDRAND now, 
this may indeed be different, but would it then deplete entropy the CPU 
has available and that by default is fed into the Linux crng as well 
(even without trusting it completely)?)

[2] According to

https://daniel-lange.com/archives/152-Openssh-taking-minutes-to-become-available,-booting-takes-half-an-hour-...-because-your-server-waits-for-a-few-bytes-of-randomness.html

sysvinit does not contain a single line of code about entropy or random 
numbers.

Daniel even updated his blog post with a hint to this discussion.

Thanks,
-- 
Martin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ