Re: kaslr: better rng

[Maxime Villard <max%m00nbsd.net@localhost>]

Le 07/11/2017 à 17:21, Taylor R Campbell a écrit :
> > Date: Tue, 7 Nov 2017 09:16:25 +0100
> > From: Maxime Villard <max%m00nbsd.net@localhost>
> >
> > Le 06/11/2017 à 19:47, Taylor R Campbell a écrit :
> > > The entropy file is supposed to be rewritten each time it's read, and
> > > on shutdown, or something like that.
> >
> > Yes, I know that. But what is the point you're trying to make?
>
> The original quotation I was replying to was this:
>
> > > > Well, we could indeed extend /var/db/entropy-file. However, I would really
> > > > prefer the random area to be generated from a previous run of the system, and
> > > > not from the bootloader taking a seed in the file. Unless there is a
> > > > combination of both?
>
> I was trying to point out that the entropy file _does_ come from a
> previous run of the system.

Ah alright. But in my mail (that you were answering to) I did understand that
the entropy file comes from the previous run; what I was saying was, I would
prefer the file in question to contain random data right away and not just a
seed. In such a way that whoever wants to get random uints at boot time can
read the file and obtain some, with no generation algorithm whatsoever.

> > Le 06/11/2017 à 22:31, Paul.Koning%dell.com@localhost a écrit :
> > > If you think you need this file, I would argue there should be two: the
> > > current entropy file for the kernel to use, and a separate one generated
> > > from a different chunk of random bit stream, exclusively for the use next
> > > time by the bootloader.
> >
> > Well yes, my initial plan was two different files.
>
> What's the security goal you hope to achieve by having two different
> files that cannot be achieved by using one and deriving two subkeys
> from it?

There is no particular security goal behind this. Since I wanted the file not
to be a seed, it made sense to use two different files (one seed, one
random...).

Maxime