[147979] in cryptography@c2.net mail archive


Re: [Cryptography] initializing kernel PRNG much much sooner on

daemon@ATHENA.MIT.EDU (John Denker)
Mon Nov 4 01:11:28 2013

X-Original-To: cryptography@metzdowd.com
Date: Sun, 03 Nov 2013 17:56:14 -0700
From: John Denker <jsd@av8n.com>
To: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>, 
	RNG mlist <rng@lists.bitrot.info>
In-Reply-To: <20131103014337.GB10255@thunk.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 11/02/2013 06:43 PM, Theodore Ts'o wrote:
> .....  I suspect you ran this on an
> Ubuntu system.  On a Debian system, which still uses sysvinit (as God
> intended :-), the ordering is quite different.  The urandom script is
> run before networking is enabled, and in fact this is enforced by the
> init script's dependencies:
> 
> ### BEGIN INIT INFO
> # Provides:          networking ifupdown
> # Required-Start:    mountkernfs $local_fs urandom

That's innnnnteresting.

In the current Ubuntu distro (raring),
  a) there is no factor of "urandom" in the upstart init/ssh.conf, and
  b) simply adding such a factor doesn't suffice, because nobody is
   emitting any such event, because
  c) the sysv init.d/urandom script hasn't been ported to upstart.
  d) There is at least one open bug on the subject.  
        https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/1098299
  The consensus seems to be 
    "we do want to translate /etc/init.d/urandom to an upstart job"
   but the guys are
    "frankly not sure at present how to write it correctly"

I took a stab at translating the thing.
  http://www.av8n.com/cgit/cgit.cgi/init-urandom/

This is first-draft code that has been thought about for maybe 5 minutes
total, but it's better than nothing.  It seeds the PRNG much, much sooner.
It makes the ssh server dependent on the "urandom" event (although this
is now in the category of belt-and-suspenders).

I am under no illusions that the seed file is getting loaded early /enough/
in absolute terms.  It is, however, a whole lot earlier in relative terms.
The new data is tabulated here, along with more discussion:
   http://www.av8n.com/computer/htm/secure-prng.htm#sec-discuss

Comments?  Suggestions?  Better ideas?

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
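
As an added example (not from the thread or from the init-urandom repository), the following shell functions check whether a sysvinit script declares `urandom` in the `Required-Start` field of its LSB header, which is the ordering guarantee quoted above. The `netdaemon` script and the helper names are constructed for illustration; only direct declarations are checked, so virtual facilities such as `$network` are not resolved transitively.

```shell
# Added example: list init scripts whose LSB header does not name "urandom"
# in Required-Start. Direct declarations only; no transitive resolution.
required_start() {   # print the Required-Start facilities of FILE, one per line
    awk '
        function words(s,   n, f, i) {
            n = split(s, f); for (i = 1; i <= n; i++) print f[i]
        }
        /^### BEGIN INIT INFO/ { inblock = 1; next }
        /^### END INIT INFO/   { inblock = 0 }
        !inblock               { want = 0; next }   # ignore text outside the header
        /^#[ \t]*Required-Start:/ { sub(/^#[ \t]*Required-Start:/, ""); words($0); want = 1; next }
        want && /^#(\t|  )/    { sub(/^#/, ""); words($0); next }   # LSB continuation line
                               { want = 0 }
    ' "$1"
}

requires_urandom() { required_start "$1" | grep -qx urandom; }

# audit DIR NAME...: print each named script in DIR that lacks the dependency.
audit() {
    dir=$1; shift
    for name in "$@"; do
        [ -f "$dir/$name" ] || { echo "$name: not found" >&2; continue; }
        requires_urandom "$dir/$name" || echo "$name"
    done
}

# make_samples DIR: write constructed sample headers (not real system files).
make_samples() {
    cat > "$1/networking" <<'EOF'
### BEGIN INIT INFO
# Provides:          networking ifupdown
# Required-Start:    mountkernfs $local_fs urandom
### END INIT INFO
EOF
    cat > "$1/netdaemon" <<'EOF'
### BEGIN INIT INFO
# Provides:          netdaemon
# Required-Start:    $network $syslog
### END INIT INFO
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
audit "$demo" networking netdaemon    # prints: netdaemon
rm -rf "$demo"
```

On a real sysvinit system the same call would be `audit /etc/init.d` followed by the script names of interest.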
