Re: dev/random

From: Mark Murray <markm_at_FreeBSD.ORG>
Date: Tue, 13 Apr 2004 23:12:46 +0100

Charles Swiger writes:
> > You don't get to assume the existence of rc.conf until after
> > initdiskless runs.
>
> And Mark Murray referred me to diskless workstations as well.  OK.
>
>  From what I remember, one used BOOTP and TFTPD to provide a
> standalone executable (for an X11 terminal, say) or a kernel, and the
> latter would then perform an NFS mount to obtain a root filesystem
> and an init program to run, which would then call the RC mechanism
> to mount more filesystems and do whatever else is needed to boot the
> system.

Correct.

> [ By the way, I did not find documentation in rc.8 which mentions
> initdiskless as a special case, but perhaps it might be worth
> referring to diskless.8 from the former manpage. ]

Good point. Documentation deficiencies are well worth mentioning (in
painful detail!) in docs-PRs. Either that or if it is RNG-specific, bug
me into doing it! Patches most welcome.

> Anyway, if /etc/rc.d/initdiskless is available, you've got a root
> filesystem to read from, so can't one nudge the diskless client's
> /dev/random using entropy from a file stored on it?

Consider a PC in a University's PC access hall/lab. Would you (paranoid
as you are!) trust _anything_ on that machine's hard disk?

(There are no right/wrong answers here. See below).

> Or perhaps the /usr/share/examples/diskless/clone_root script could
> call mknod to create a clone of the server's /dev/random device under
> the diskless root directory, to provide different "real" entropy for
> each diskless client?

How much network-snoopable traffic will you trust? On _your_ network? On
_your_library's_ network?

> Both of these suggestions are made under the assumption that one can't
> simply make /dev/random readable without being nudged, and one cannot
> utilize rcNG dependencies to start /etc/rc.d/random properly (ie,
> before something wants to use /dev/random) for the reason that Brooks
> mentioned above. :-)

Understood! I'm RIGHT with you. This is EXACTLY the way I designed this
system.

In order to start /dev/random, you need trustable entropy. Numbers
read in the clear over the network are public information. So is
(potentially) the content of public (library, computer lab, internet
cafe, &c) hard disk.

What then? PC-generated entropy? But PCs have almost NO entropy.
Keyboard and mouse entropy is good but very sparse, so you can
use it to start machines, but if you do it properly, you need to annoy
users into doing random keyboard activity or mouse movements.

(/me sees a PC-lab system that requires a user to jiggle the mouse
ENOUGH in order to "wake up" the computer (ie reseed the RNG)).

What else? Hardware randomness? Not much is available; you need to be
specific about the hardware you purchase.

What to do? The answer is not in the singular. "What is my threat
model?" gives each specific site its answer, if the question and its
answer are evaluated IN THE ISOLATED CASE OF THAT SYSTEM.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
Received on Tue Apr 13 2004 - 13:15:12 UTC
