[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kaslr: better rng
Le 06/11/2017 à 18:35, Taylor R Campbell a écrit :
Date: Mon, 6 Nov 2017 07:30:35 +0100
From: Maxime Villard <max%m00nbsd.net@localhost>
I would like to use a system similar to the /var/db/entropy-file
implementation. That is to say, when running the system generates
/var/db/random-file, which would contain at least 256bytes of random
data. When booting the bootloader reads this file, can use some of
its bytes to get random values. It then gives the file to the
prekern which will use some other parts of it. The prekern finally
gives the file to the kernel which can use the rest.
Seems to me we should just use one file, and the bootloader should use
it as a seed for a PRNG from which it draws
(a) kaslr bits, and
(b) a seed for the entropy pool (which is currently just /var/db/entropy)
The bootloader already reads a file. Teaching it to have a small
cryptographic PRNG shouldn't be too hard. I'm still sitting on a
draft Keccak-based entropy pool, whose Keccak implementation
(https://mumble.net/~campbell/hg/sha3/keccak.c) likely fits in the
constraints of a bootloader.
Well, we could indeed extend /var/db/entropy-file. However, I would really
prefer the random area to be generated from a previous run of the system, and
not from the bootloader taking a seed in the file. Unless there is a
combination of both?
Note that such a PRNG would also have to be implemented in the prekern and
in the kernel, and we would need three independent seeds.
Main Index |
Thread Index |