lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <53616293.3080308@mit.edu>
Date:	Wed, 30 Apr 2014 13:52:35 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Theodore Ts'o <tytso@....edu>, Florian Weimer <fweimer@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] random: Add "initialized" variable to proc

On 04/29/2014 11:26 AM, Theodore Ts'o wrote:
> On Tue, Apr 29, 2014 at 07:51:08PM +0200, Florian Weimer wrote:
>>
>> I've got a (physical) machine where it happens after ten seconds, or much
>> longer if there is no activity.
>>
>> I've seen cases where on the first boot of virtual machines, the SSH key was
>> generated before the printk with the initialization message.  It's not a
>> problem if you install the OS first and then generate the keys, but for
>> booting from pre-provisioned images, it could be.  (I have no evidence that
>> this hurts the quality of the generated key material, this is just based on
>> what's reported by the kernel.)
> 
> Yes, fair enough, just because it works for me for my laptops doesn't
> mean that there aren't systems for which it was a problem.  :-)
> 
> I will say that for virtual machines, we *really* need virtio-rng.

I only sort of agree.  I think that for VMs, we really need a good way
to provide an initial seed and ongoing entropy, and virtio-rng isn't it.

IMO virtio-rng is, alas, terminally fscked up.  It has four issues, all
show-stopping.  Fixing them may be impossible without changing the
interface.

1. It simply doesn't work on my system.  In particular, it never returns
entropy.  It just blocks forever.

2. The hwrng code sucks and the guest will never boot if there's a
non-working virtio-rng device around.  See #1.  I *may* get around to
writing a patch for this before the next merge window.

3. There should be a way to provide some entropy-free cryptographically
secure data, too.  Regardless of the speed of the hosts's /dev/random,
the guest should start with at least 256 bits of cryptographically
secure seed material IMO.

4. virtio-pci and its asynchronous interface are too complicated to
achieve #3, even if a future virtio-rng enhancement could provide
urandom-like data.  This thing is paravirt hardware; it should be able
to provide a seed *really* early.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ