seeding dev/random in 5.5
Brooks Davis
brooks at one-eyed-alien.net
Wed Aug 9 13:08:57 UTC 2006
On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> --- Doug Barton <dougb at FreeBSD.org> wrote:
> > The patches you sent to implement this option didn't come through to the
> > mailing list, could you resend them please? :)
> >
> > Seriously though, a lot of people looked at this problem when yarrow was
> > introduced, and no solution became immediately apparent. So, if someone
> > wants to take a crack at implementing something, knock yourself out.
> >
> Since this is the security mailing list, I would like to direct the attention
> on the following points:
>
> * I see in the CD-procedure the problem, that a postman, who is more
> sophisticated than in Leslie Nielsen's "Naked Gun 33 1/3" movie, might exchange
> the media, so that u let ur Netherlandish install something u dont know and/or
> like. Workaround: Do you use a checksum over the media (`md5 < /dev/acd0`) and
> transmit those checksum on a different way (maybe email)?
>
> * I received a private communication yesterday about this matter. But the list
> did not. I will cite (not litterally) a little bit out of that message: Since
> you do not know anything about the remotely created host-key, u cannot connect
> safely to the freshly installed box, because: You do not even know the
> signature of the new host-key, so that if u connect to the wrong box u would
> not even known. Workaround: You could give all hosts the same well-known
> host-key (via your install-image-CD) and then u could change the host-key in a
> remotely controlled way individually and note down the signature? Maybe my
> secret informer (lets call him Rasmus or RK) wants to come public... :-)
These are valid if probably overly paranoid points. :)
> * But what if the postman (see first point) know already the host-key from
> reading the CD? Then he could log in to ur boxes...
This isn't true. The host key lets you impersonate the host. It
does not do anything related to log in (unless you use host based
auth).
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20060809/22d8c329/attachment.pgp
More information about the freebsd-security
mailing list