Date: Wed, 09 Mar 2022 21:35:21 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262192 --- Comment #10 from Olivier Certner <firstname.lastname@example.org> --- (In reply to Conrad Meyer from comment #9) Forgot to mention the example of domain init causing a call to arc4rand() I stumbled upon: ip_init => ip_reass, which initializes some hash seed that serves to hash fragments. I suspect the goal here is to make it hard for an attacker to predict which frags end up in which bucket, so that it cannot degrade the hash table's access performance without a more involved attack. Probably this could be avoided by using another, more complex, data structure. Maybe simply delaying this seed's init is possible. > If you want to pursue it, identifying the stack(s) blocking on random and > moving them after KICK_SCHEDULER would be a valuable contribution to FreeBSD. I'll try to pursue that indeed, by recompiling a kernel with a deterministic frag seed, and see what other calls to random exist. In the end, it might not be possible to easily push calls to random after KICK_SCHEDULER without more involved changes. We'll see. Don't have much time now, but expect to have a lot in approx two months. Then, the ability to boot without an entropy seed file should be one of my main priorities. In the meantime, I'll report about experiments here. Thanks. -- You are receiving this mail because: You are the assignee for the bug.