NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: WARNING pseudorandom rekeying



On Dec 29,  4:02pm, Jean-Yves Migeon wrote:
} Le 29/12/2013 05:43, Emmanuel Dreyfus a écrit :
} > On Sun, Dec 29, 2013 at 03:05:12AM +0100, Jean-Yves Migeon wrote:
} >> It means that the RNG was seeded with a (supposedly) bad state, e.g.
} >> with not enough random bits to be deemed safe.
} >>
} >> It is generally not safe to keep long term keys generated during
} >> that state.
} >
} > IMO there is something to fix, as it is easy to miss the message
} > during first boot.
} 
} The fix ain't that easy; how do you expect an environment to provide 
} sufficient entropy when:
} - all devices and interrupts are virtualized therefore considerably 
} reducing timestamp quality regarding entropy;
} - there is no trusted hardware entropy source queriable early during 
} boot (rdrand OP is only found on recent Intel CPU, and some people do 
} not consider it trustworthy).
} 
} For an interesting read, see
} http://mail-index.netbsd.org/port-xen/2012/02/24/msg007173.html
} 
} I do not know whether sysinst could install a random_seed file right 
} before restart; that would allow a first, fresh boot to begin with a 
} (not so bad) entropy state.
} 
} domU situation adds another layer of limitation too: most of the time it 
} does not start with /boot (except when using pygrub thingies), the 
} kernel is directly loaded by dom0. So it cannot rely on rndseed from 
} boot.cfg.

     pygrub just extracts the kernel (and ramdisk for linux) from
the domU, places it in a temporary file, and passes the path to
the domU creator.  The process after that is exactly as it would
be if pygrub wasn't being used.  In otherwords, /boot still wouldn't
be used.

}-- End of excerpt from Jean-Yves Migeon


Home | Main Index | Thread Index | Old Index