tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kaslr: better rng



> Date: Tue, 7 Nov 2017 09:16:25 +0100
> From: Maxime Villard <max%m00nbsd.net@localhost>
> 
> Le 06/11/2017 à 19:47, Taylor R Campbell a écrit :
> > The entropy file is supposed to be rewritten each time it's read, and
> > on shutdown, or something like that.
> 
> Yes, I know that. But what is the point you're trying to make?

The original quotation I was replying to was this:

> > > Well, we could indeed extend /var/db/entropy-file. However, I would really
> > > prefer the random area to be generated from a previous run of the system, and
> > > not from the bootloader taking a seed in the file. Unless there is a
> > > combination of both?

I was trying to point out that the entropy file _does_ come from a
previous run of the system.

> Le 06/11/2017 à 21:57, matthew green a écrit :
> > it would be nice if the lack of this file wasn't a major problem
> > and that, eg, if rdrand was available it would be used as a seed
> > instead/additionally
> 
> Yes, that would be nice. A combination of rdtsc and rdrand (given that the
> latter may not be supported by the cpu).

Easy to hash together the seed, cpu_counter, and cpu_rng.

> Le 06/11/2017 à 22:31, Paul.Koning%dell.com@localhost a écrit :
> > If you think you need this file, I would argue there should be two: the
> > current entropy file for the kernel to use, and a separate one generated
> > from a different chunk of random bit stream, exclusively for the use next
> > time by the bootloader.
> 
> Well yes, my initial plan was two different files.

What's the security goal you hope to achieve by having two different
files that cannot be achieved by using one and deriving two subkeys
from it?


Home | Main Index | Thread Index | Old Index