Re: kaslr: better rng

[Maxime Villard <max%m00nbsd.net@localhost>]

Answering to each of your mails at once:


Le 06/11/2017 à 19:47, Taylor R Campbell a écrit :
> The entropy file is supposed to be rewritten each time it's read, and
> on shutdown, or something like that.

Yes, I know that. But what is the point you're trying to make?


Le 06/11/2017 à 21:57, matthew green a écrit :
> it would be nice if the lack of this file wasn't a major problem
> and that, eg, if rdrand was available it would be used as a seed
> instead/additionally

Yes, that would be nice. A combination of rdtsc and rdrand (given that the
latter may not be supported by the cpu).

> the two cases i see this regularly are pxe booted systems and in
> the installer, both a fairly important cases so i think supporting
> them as well would be worthwhile.

Perhaps, but I guess you know that we don't support kaslr over pxe, and
the interest is rather limited.


Le 06/11/2017 à 22:31, Paul.Koning%dell.com@localhost a écrit :
> If you think you need this file, I would argue there should be two: the
> current entropy file for the kernel to use, and a separate one generated
> from a different chunk of random bit stream, exclusively for the use next
> time by the bootloader.

Well yes, my initial plan was two different files.


Le 07/11/2017 à 03:50, Thor Lancelot Simon a écrit :
> On Mon, Nov 06, 2017 at 06:51:33PM +0100, Maxime Villard wrote:
> > > What is the reason for using only part of the file, in any application?
> >
> > I meant to say that the components don't take random values from the same
> > area in the file, for them not to use the same random numbers twice.
>
> That doesn't make sense to me.  Do you believe all modern keyed hash
> functions are broken?

Re-read my initial mail carefully. My plan was to have the random area
generated in the previous run, and have the bootloader/prekern/kernel take it
as-is with little to no modification/hash to it. In such a case, you had better
make sure you don't use the same areas from the file twice.