Re: Allegations regarding OpenBSD IPSEC

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Theo de Raadt

Subject: Re: Allegations regarding OpenBSD IPSEC

Date: Tuesday, December 21, 2010 - 5:46 pm

> 2010/12/21 Theo de Raadt <deraadt@cvs.openbsd.org>:
quoted text> > HANG ON.
> >
> > Go look at the function random_seed() in /usr/src/etc/rc
> > Then look at when it is called.
> 
> so, the current state of the PRNG will be preserved during reboots.

That statement is false.

quoted text> Good.

No.  You misread the code.

quoted text> That gives some information about system entropy, which will be
> "good" at all times, except for the very first boot of an
> installation. See : rnd.c: randomwrite() -> add_entropy_words();

That part is true.  But what you said earlier is false.

quoted text> However, arc4_stir will still be called once after every reboot.
> During its first call, the value of nanotime() will be placed at the
> beginning of buf, which is then beeing used to init the rc4 context.

What else do you think we should use?  Where do we invent entropy from
when the kernel has only been running for 0.01 of a second?

quoted text> So, at the first glance it looks like using the value of nanotime() in
> arc4_stir is not necessary at all, as there will allways be enough
> system entropy.

False.

On some architectures, some entropy might have been fetched.

On some architectures, the system clock might have been read with enough
accuracy and random time advancement to provide some unknown.

On MOST architectures, the above two are true.

On some they are not.

Soon after mounting, /etc/rc will load a bucketload more entropy (even
on the first boot, I should add, since even the installation process
generates that file).

quoted text> At least I would XOR the value of nanotime() to buf,
> instead of just prepending it. MD5 and the like does not seem to be
> necessary, as buf will allways contain some good random data.

XOR it?  Why?

Please provide a citation regarding the benefit of XOR'ing feed data
before passing it into MD5 for the purpose of PRNG folding.  Note,
this is the first stage PRNG, and that a second stage kernel-use PRNG
is built on top of that the first one, and that a third stage
per-process PRNG is built on top of that.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: Allegations regarding OpenBSD IPSEC, Theo de Raadt, (Tue Dec 21, 5:46 pm)

Re: Allegations regarding OpenBSD IPSEC, Kurt Knochner, (Tue Dec 21, 9:26 pm)

Re: Allegations regarding OpenBSD IPSEC, Salvador Fandiño, (Wed Dec 22, 4:13 am)

Re: Allegations regarding OpenBSD IPSEC, Clint Pachl, (Wed Dec 22, 2:49 pm)

Re: Allegations regarding OpenBSD IPSEC, Ted Unangst, (Wed Dec 22, 3:25 pm)

Re: Allegations regarding OpenBSD IPSEC, Marsh Ray, (Wed Dec 22, 10:39 pm)

Re: Allegations regarding OpenBSD IPSEC, Salvador Fandiño, (Thu Dec 23, 1:13 am)

Re: Allegations regarding OpenBSD IPSEC, Clint Pachl, (Thu Dec 23, 1:44 am)

Re: Allegations regarding OpenBSD IPSEC, olli hauer, (Thu Dec 23, 2:43 am)

Re: Allegations regarding OpenBSD IPSEC, Otto Moerbeek, (Thu Dec 23, 3:06 am)

Re: Allegations regarding OpenBSD IPSEC, Kurt Knochner, (Thu Dec 23, 3:36 am)

Re: Allegations regarding OpenBSD IPSEC, Renzo, (Thu Dec 23, 10:37 am)

Navigation

Popular discussions


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Mr. James W. Laferriere	Re: Linux 2.6.25-rc1 , syntax error near unexpected token `;'
Chuck Ebbert	Re: PCI: Unable to reserve mem region problem
Linus Torvalds	Linux 2.6.34-rc4
Mingming Cao	Re: [RFC 1/4] Large Blocksize support for Ext2/3/4
git:
Ralf Wildenhues	[PATCH] Fix typos in the documentation
Len Brown	Re: fatal: unable to create '.git/index': File exists
Adeodato	Bazaar's patience diff as GIT_EXTERNAL_DIFF
Denis Bueno	Git clone error
Johannes Schindelin	Re: [PATCH 2/4] Add functions get_relative_cwd() and is_inside_dir()
git-commits-head:
Linux Kernel Mailing List	ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	nfsd41: sanity check client drc maxreqs
Linux Kernel Mailing List	bnx2x: Moving includes
Linux Kernel Mailing List	V4L/DVB: gspca - sonixj: Adjust minor values of sensor ov7630. - set the color ga...
openbsd-misc:
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Sam Fourman Jr.	Re: Help with Altell PC6700
Siju George	This is what Linus Torvalds calls openBSD crowd
Darrin Chandler	Re: OT: Python (was Re: vi in /bin)
linux-netdev:
Kurt Van Dijck	Re: [PATCH net-next-2.6 1/2] can: add driver for Softing card
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Jarek Poplawski	Re: socket api problem: can't bind an ipv6 socket to ::ffff:0.0.0.0
David Miller	Re: [PATCH v2] net: typos in comments in include/linux/igmp.h

Colocation donated by:

Syndicate