[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

**To**:**NetBSD-current Users's Discussion List <current-users%netbsd.org@localhost>, NetBSD Kernel Technical Discussion List <tech-kern%NetBSD.org@localhost>, NetBSD/xen Discussion List <port-xen%NetBSD.org@localhost>****Subject**:**Re: regarding the changes to kernel entropy gathering****From**:**"Greg A. Woods" <woods%planix.ca@localhost>**- Date: Mon, 05 Apr 2021 13:22:49 -0700

At Mon, 5 Apr 2021 15:35:12 -0400, Thor Lancelot Simon <tls%panix.com@localhost> wrote: Subject: Re: regarding the changes to kernel entropy gathering > > All those inputs are *already* being injected into the entropy pool. If you > don't understand that, you need to read the code more. I don't see how. I don't see any evidence for that happening. So, show me how entropy is being collected in my system: 16:18 [1.793] # uptime 4:19PM up 22 days, 16:04, 2 users, load averages: 0.00, 0.00, 0.00 16:19 [1.794] # sysctl kern.entropy kern.entropy.collection = 1 kern.entropy.depletion = 0 kern.entropy.consolidate = -23552 kern.entropy.gather = -23552 kern.entropy.needed = 256 kern.entropy.pending = 0 kern.entropy.epoch = 24 16:19 [1.795] # rndctl -l Source Bits Type Flags ipmi0-Temp 0 env estimate, collect, v, t, dv, dt ipmi0-Temp1 0 env estimate, collect, v, t, dv, dt ipmi0-Temp2 0 env estimate, collect, v, t, dv, dt ipmi0-Temp3 0 env estimate, collect, v, t, dv, dt ipmi0-Ambient-T 0 env estimate, collect, v, t, dv, dt ipmi0-Planar-Te 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-1 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-1 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-2 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-2 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-3 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-3 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-4 0 env estimate, collect, v, t, dv, dt ipmi0-Status 0 ??? estimate, collect, t, dt ipmi0-Voltage 0 power estimate, collect, v, t, dv, dt ipmi0-Voltage1 0 power estimate, collect, v, t, dv, dt ipmi0-Status1 0 ??? estimate, collect, t, dt ipmi0-Intrusion 0 ??? estimate, collect, t, dt ipmi0-Temp4 0 env estimate, collect, v, t, dv, dt ipmi0-Temp5 0 env estimate, collect, v, t, dv, dt ipmi0-Temp6 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-4 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-5 0 env estimate, collect, v, t, dv, dt ipmi0-FAN-MOD-5 0 env estimate, collect, v, t, dv, dt ipmi0-Ambient-T 0 env estimate, collect, v, t, dv, dt ipmi0-Ambient-T 0 env estimate, collect, v, t, dv, dt ums0 0 tty estimate, collect, v, t, dt ukbd0 0 tty estimate, collect, v, t, dt /dev/random 0 ??? estimate, collect, v sd2 0 disk estimate, collect, v, t, dt sd1 0 disk estimate, collect, v, t, dt sd0 0 disk estimate, collect, v, t, dt cpu0 0 vm estimate, collect, v, t, dv hardclock 0 skew estimate, collect, t pckbd0 0 tty estimate, collect, v, t, dt system-power 0 power estimate, collect, v, t, dt autoconf 0 ??? estimate, collect, t seed 0 ??? estimate, collect, v 16:19 [1.796] # dd if=/dev/random bs=1 count=1 [ 1970935.9749573] load: 0.00 cmd: dd 14493 [entropy] 0.00u 0.00s 0% 520k 0+0 records in 0+0 records out 0 bytes transferred in 1.839 secs (0 bytes/sec) [ 1970946.3951782] load: 0.00 cmd: dd 14493 [entropy] 0.00u 0.00s 0% 540k 0+0 records in 0+0 records out 0 bytes transferred in 12.263 secs (0 bytes/sec) [ 1971074.4681828] load: 0.08 cmd: dd 14493 [entropy] 0.01u 0.01s 0% 540k 0+0 records in 0+0 records out 0 bytes transferred in 140.335 secs (0 bytes/sec) ... and it stays that way for, effectively, ever After seeing this, on real hardware, I did read the code. I found a fix. It prevents what I show above. My fix essentially does what you suggested in your other message and allows the administrator to, on a per-system basis, enable estimation / counting of entropy bits from any of the available less trusted sources. My fix might be a bit "aggressive" (even with the accompanying change to RND_FLAG_DEFAULT), but it does what I need it to do and, if I understand correctly, it is still far more secure than: echo -n "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" > /dev/random I do trust the entropy from my fans and other environmental sources, and for most of my systems I would also trust the disk and network sources too, even in VMs. If you can observe or influence those then you're probably in my house already and have access to the physical hardware. Also if I understand correctly the trick of doing "dd if=/dev/urandom of=/dev/random bs=32 count=1" still suffers the same problem you mention about non-hardware-RNG devices sources, even with "stirring" from these same non-hardware-RNG sources: _when_ should it be done? When is the pool stirred enough? IFF the entropy from non-hardware-RNG sources is needed to "stir" the pot in the first place, then why not just "count" it as "real" entropy and be done with it -- at least then it is obvious when enough entropy has been gathered and the currently implemented algorithms handle things properly and securely and all inside the kernel. I.e. the admin doesn't have to put a "sleep 30" or whatever in front of it and hope that's enough and that it's still not too predictable. -- Greg A. Woods <gwoods%acm.org@localhost> Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost> Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>

**Attachment:
pgpyrw36EKn00.pgp**

**Follow-Ups**:

**References**:**Re: regarding the changes to kernel entropy gathering***From:*Taylor R Campbell

**Re: regarding the changes to kernel entropy gathering***From:*RVP

**Re: regarding the changes to kernel entropy gathering***From:*Manuel Bouyer

**Re: regarding the changes to kernel entropy gathering***From:*Greg A. Woods

**Re: regarding the changes to kernel entropy gathering***From:*Thor Lancelot Simon

- Prev by Date:
**Re: regarding the changes to kernel entropy gathering** - Next by Date:
**Re: regarding the changes to kernel entropy gathering** - Previous by Thread:
**Re: regarding the changes to kernel entropy gathering** - Next by Thread:
**Re: regarding the changes to kernel entropy gathering** - Indexes: