[148913] in cryptography@c2.net mail archive
Re: [Cryptography] Timing of saving RNG state
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Jan 3 17:46:35 2014
Date: Fri, 3 Jan 2014 14:49:01 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: cryptography@metzdowd.com
In-Reply-To: <20140103193749.GN1285@mournblade.imrryr.org>
Cc: Viktor Dukhovni <cryptography@dukhovni.org>
On Fri, Jan 03, 2014 at 07:37:49PM +0000, Viktor Dukhovni wrote:
>
> Speaking of the timing of RNG state save/restore, Nico Williams
> observes that it would be prudent to save state not only on (clean)
> shutdown, but also at startup, immediately after the previously
> saved seed is loaded. That way after a power-outage, panic, ...
> the seed does not start in the same state as on previous boot.
It's such a good idea I recommended it almost a decade ago in the Linux
kernel sources. :-)
 * When any operating system starts up, it will go through a sequence
 * of actions that are fairly predictable by an adversary, especially
 * if the start-up does not involve interaction with a human operator.
 * This reduces the actual number of bits of unpredictability in the
 * entropy pool below the value in entropy_count.  In order to
 * counteract this effect, it helps to carry information in the
 * entropy pool across shut-downs and start-ups.  To do this, put the
 * following lines in an appropriate script which is run during the boot
 * sequence:
 *
 *      echo "Initializing random number generator..."
 *      random_seed=/var/run/random-seed
 *      # Carry a random seed from start-up to start-up
 *      # Load and then save the whole entropy pool
 *      if [ -f $random_seed ]; then
 *              cat $random_seed >/dev/urandom
 *      else
 *              touch $random_seed
 *      fi
 *      chmod 600 $random_seed
 *      dd if=/dev/urandom of=$random_seed count=1 bs=512
And it's such a good idea Debian and Ubuntu's /etc/init.d/urandom also
does this.
- Ted
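
Added example, not part of the message above and not the kernel's or Debian's own script: the same load-then-save sequence written as a shell function that creates the new seed with mode 0600 from the start and replaces the old one atomically. The function name and its optional POOL_DEV and SOURCE_DEV arguments are assumptions made here so the logic can be run against scratch files.

```shell
#!/bin/sh
# reseed_at_boot SEED_FILE [POOL_DEV] [SOURCE_DEV]
# Hypothetical helper: POOL_DEV and SOURCE_DEV default to /dev/urandom.
reseed_at_boot() {
    seed=$1
    pool=${2:-/dev/urandom}
    src=${3:-/dev/urandom}
    dir=$(dirname "$seed")
    old_umask=$(umask)
    umask 077    # anything created below is never readable by other users

    # 1. Mix the saved seed into the pool. A symlinked seed file is skipped
    #    (a choice made in this example, not something the message states).
    if [ -f "$seed" ] && [ ! -L "$seed" ]; then
        cat -- "$seed" >"$pool" || { umask "$old_umask"; return 1; }
    fi

    # 2. Replace the seed at once, so a panic or power loss before the next
    #    clean shutdown cannot cause the same seed to be loaded twice.
    #    Write to a temp file in the same directory, check that all 512
    #    bytes arrived, flush to disk, then rename over the old seed.
    tmp=$(mktemp "$dir/.random-seed.XXXXXX") || { umask "$old_umask"; return 1; }
    if dd if="$src" of="$tmp" bs=512 count=1 2>/dev/null &&
       [ $(wc -c <"$tmp") -eq 512 ] &&
       sync &&
       mv -f -- "$tmp" "$seed"; then
        rc=0
    else
        rm -f -- "$tmp"    # keep the old seed rather than a short one
        rc=1
    fi
    umask "$old_umask"
    return $rc
}

# Typical call from a boot script (path as in the kernel comment):
#   reseed_at_boot /var/run/random-seed
```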