Proposed fix; stage 1 (Was: svn commit: r239569 - head/etc/rc.d)

Mark Murray markm at FreeBSD.org
Sun Sep 16 16:30:23 UTC 2012


Hi

Part 1 of the fix is enclosed; it involves drastically shortening the
input into /dev/random (the "kickstart") at boot time. There are time
implications that I'd like to hear any objections to.

Part 1a is going to be tweaks to stashing entropy at restart
(and possibly during normal running). Also fixes to zero-entropy
first-startup.

Part 2 will be a cheap shortening of files during reading so as not
to clog up the harvest queue. The harvest queue will always be a bit
intolerant of excess input via this route, so this should help a lot.

Part 3 will be the addition of another choice of software PRNG;
Fortuna. Fortuna is MUCH more resilient to attack, at the expense
of using more kernel memory. For modern machines, this is scarcely
noticeable, but it could be bad for embedded units.

Tweaks along the way may include reverting to the original intent of
starting the PRNG blocked, and only unblocking once reseeded.

M
--
Mark R V Murray
Pi: 132511160
-------------- next part --------------
Index: initrandom
===================================================================
--- initrandom	(revision 240384)
+++ initrandom	(working copy)
@@ -23,15 +23,12 @@
 
 better_than_nothing()
 {
-	# XXX temporary until we can improve the entropy
-	# harvesting rate.
 	# Entropy below is not great, but better than nothing.
 	# This unblocks the generator at startup
 	# Note: commands are ordered to cause the most variance across reboots.
-	( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
-	    | dd of=/dev/random bs=8k 2>/dev/null
-	/sbin/sha256 -q `sysctl -n kern.bootfile` \
-	    | dd of=/dev/random bs=8k 2>/dev/null
+	for cmd in "kenv" "dmesg" "df -ib" "ps -fauxww" "date" "sysctl -ao" "netstat -arn" "fstat" ; do
+	    ${cmd}| sha256 > /dev/random
+	done
 }
 
 initrandom_start()
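
Review bot: the new loop in better_than_nothing() drops the hash of `kern.bootfile` as an input without saying why, and it calls `sha256` by bare name where the removed line used `/sbin/sha256 -q`. Either keep the bootfile digest as a further input or mention its removal in the commit message, and use the absolute path so the loop does not depend on PATH this early in boot. A short comment next to the loop stating that each command now contributes only its digest line, rather than its full output, would make the intent of the shortening clear to the next reader.
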
@@ -67,6 +64,12 @@
 
 		# First pass at reseeding /dev/random.
 		#
+		better_than_nothing
+
+		sleep 1
+
+		# Give the RNG the best kicking that we might not have.
+		#
 		case ${entropy_file} in
 		[Nn][Oo] | '')
 			;;
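
Review bot: the unconditional `sleep 1` placed after the `better_than_nothing` call has no comment saying what it waits for, and it adds a fixed second to every boot that takes this branch. Add a comment giving the reason for the pause, or replace it with a check on the condition it stands in for. The added comment "Give the RNG the best kicking that we might not have." is also hard to parse; say directly that the `${entropy_file}` case below feeds in the saved entropy file when one is configured.
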
@@ -77,8 +80,6 @@
 			;;
 		esac
 
-		better_than_nothing
-
 		echo -n ' kickstart'
 	fi
 

