[Bug 222807] PURE entropy sources are harvested but not mixed in. Also, min-entropy low per SP800-90B measurements
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Oct 6 00:45:03 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222807
Bug ID: 222807
Summary: PURE entropy sources are harvested but not mixed in.
Also, min-entropy low per SP800-90B measurements
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: badfilemagic at gmail.com
Created attachment 186932
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=186932&action=edit
patche that enable "pure" entropy sources such as RDRND to actually be mixed
At vBSDCon, JMG and I co-presented a talk on an entropy analysis and audit on
/dev/random that we conducted out of mutual interest. In the course of our
work, we found the following:
* so-called "PURE" sources of entropy, such as RDRND on Intel chips, are
harvested however the results of the harvest are never mixed in due to the
harvest mask bit never being set, with no way to set it.
* Conducting an SP800-90B entropy analysis on the non-IID track for
non-whitened entropy (the data fed into randomdev_hash_iterate, essentially),
min-entropy is rather low because of a) the trng sources weren't being mixed,
and b) there is a lot of repeat and predictable garbage that is of no value in
the harvest_event structure, especially for events with only 4 bytes worth of
data from their source in the he_entropy field.
Attached are patches which correct these two issues. They are from work done
downstream with the HardenedBSD team and have been tested.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list