lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <de6d2b4f0705290638w3e862274jd49b18135790cea5@mail.gmail.com>
Date:	Tue, 29 May 2007 14:38:45 +0100
From:	"M Macnair" <mmacnair@...il.com>
To:	"Theodore Tso" <tytso@....edu>, "M Macnair" <mmacnair@...il.com>,
	linux-kernel@...r.kernel.org
Subject: Re: Seeding /dev/random not working

On 5/29/07, Theodore Tso <tytso@....edu> wrote:
> On Tue, May 29, 2007 at 12:53:10PM +0100, M Macnair wrote:
> Ok, so this is telling me a couple of things.  First of all, if you're
> only getting three outputs, it means that you don't have any
> peripherals feeding entropy into the system from the boot sequence.
> Without any hard drives, keyboards or mice, and a NIC whose device
> driver hasn't been configured to feed entropy, you're definitely
> hosed.

Yes.  However this isn't the issue I'm concerned with at the moment.

> Secondly, and more importantly, your boot scripts aren't set up
> correctly.

Sorry, I only posted the startup bit - the same does indeed happen on
shutdown, however I wasn't interested in it for the purposes of the
tests.

The key point I was trying to put across was that I can't get the
seeding process to work.  No matter what I wrote to /dev/urandom on
startup, the output from reading /dev/urandom immediately afterwards
was the same (ignoring the occasional variation that I put down to
timing).  As I understand it (from man 4 random and the boot script
examples), writing to /dev/[u]random should increase the amount of
entropy, thereby altering the output from the PRNG.

> Another thing which I noticed is that when Matt Mackall took over
> maintainership of /dev/random, he apparently took out one of the
> safeguards I had, which was that before, when entropy was extracted
> from the pool the time stamp when it was extracted was mixed back into
> the pool.  The theory was that an external attacker might not know
> when a program might be calling /dev/random, so mixing in the time of
> that entropy was extracted wouldn't hurt, and might help.  I'll submit
> a patch to add that support back in, which will help you a little.

When did Matt take over?  From my experiments it would appear as
though the time is having an effect on the output, though as I say I'm
not totally sure.

Regards,
Michael Macnair
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ