[PATCH RFC] Disable save-entropy in jails

Mark R V Murray mark at grondar.org
Wed Dec 25 12:37:53 UTC 2013


On 25 Dec 2013, at 02:04, Xin Li <delphij at delphij.net> wrote:
> No, we are not talking about removing /var/db/entropy.  What I am
> proposing to do is to disable entropy savings from jails.  Here is why:
> 
> The way a PRNG works is that it uses one or many entropy sources to
> "feed" its internal state, and generate a series of pseudo-random
> numbers from the internal state via a PRF.
> 
> FreeBSD collects entropy from several sources: Ethernet, interrupts,
> software interrupts, etc., as well as hardware RNG that is available
> to the system, and uses all this entropy to derive the internal state
> of its PRNG.
> 
> When reading from /dev/random, one essentially consumes entropy that
> is fed into the random device, and eventually it would cause a reseed.
> In an ideal world, we would want this to be less predictable and
> controllable from a potential attacker.

So far so good. :-)

> Normal applications tend to read /dev/random in small bites, and do
> so in a discrete and nearly random manner, assuming we have a lot of
> processes running.  Saving entropy, on the other hand, happens in
> larger chunks at a determined time.  With multiple jails running, one
> would have a lot of big chunk reads from the /dev/random device,
> making its behavior more deterministic, which could have bad consequences.

I doubt it goes as far as “bad”, but it certainly does no good.

I would support the notion of not caching entropy in jails IFF this
didn’t leak out and prevent harvesting in the jail’s host AND this
gave a noticeable simplification of script code.

M
-- 
Mark R V Murray
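The change under discussion amounts to one extra decision in the periodic save-entropy script: on the host, rotate the saved files and pull a fresh chunk from /dev/random; inside a jail, do nothing. The script below is an added illustration of that decision and is not the patch from this thread nor FreeBSD's own /usr/libexec/save-entropy. It uses the real FreeBSD sysctl security.jail.jailed (1 inside a jail, 0 on the host) but takes the value as a parameter so the logic can be exercised on any system; the saved-entropy.N naming, the 2048-byte size and the 8-file depth are constructed defaults modelled on the stock script, and the read source is a parameter so a test can point it at /dev/urandom.

```shell
#!/bin/sh
# Added example: host-vs-jail gate in front of a save-entropy style rotation.
# Not FreeBSD's script; file names, sizes and counts are constructed defaults.

# should_save_entropy <jailed> <entropy_save_enable>
# Returns 0 (save) only when saving is enabled AND we are not in a jail.
# <jailed> is the value of the FreeBSD sysctl security.jail.jailed.
should_save_entropy() {
    jailed="$1"
    enable="$2"
    case "$enable" in
        [Yy][Ee][Ss]) ;;
        *) return 1 ;;
    esac
    [ "$jailed" = "0" ]
}

# detect_jailed: read the real sysctl where it exists, otherwise assume host.
detect_jailed() {
    if command -v sysctl >/dev/null 2>&1; then
        v=$(sysctl -n security.jail.jailed 2>/dev/null)
        case "$v" in
            0|1) echo "$v"; return 0 ;;
        esac
    fi
    echo 0
}

# rotate_and_save <dir> <size> <num> <source>
# Shifts saved-entropy.1 .. saved-entropy.(num-1) up by one, then writes a
# fresh <size>-byte chunk from <source> into saved-entropy.1 (mode 0600).
rotate_and_save() {
    dir="$1"; size="$2"; num="$3"; src="$4"
    mkdir -p "$dir" || return 1
    chmod 0700 "$dir"
    n="$num"
    while [ "$n" -gt 1 ]; do
        prev=$((n - 1))
        if [ -f "$dir/saved-entropy.$prev" ]; then
            mv "$dir/saved-entropy.$prev" "$dir/saved-entropy.$n"
        fi
        n="$prev"
    done
    dd if="$src" of="$dir/saved-entropy.1" bs="$size" count=1 2>/dev/null || return 1
    chmod 0600 "$dir/saved-entropy.1"
}

# run_save_entropy <jailed> <enable> <dir> <size> <num> <source>
# Exit 0 when a chunk was saved, 2 when skipped (jail or disabled), 1 on error.
run_save_entropy() {
    if should_save_entropy "$1" "$2"; then
        rotate_and_save "$3" "$4" "$5" "$6"
        return $?
    fi
    return 2
}

# Stand-alone run: real jail detection, constructed defaults, /dev/random source.
if [ "${SAVE_ENTROPY_DEMO:-}" = "1" ]; then
    run_save_entropy "$(detect_jailed)" "${entropy_save_enable:-YES}" \
        "${entropy_dir:-/var/db/entropy}" 2048 8 /dev/random
fi
```

Running it with SAVE_ENTROPY_DEMO=1 on a FreeBSD host writes to /var/db/entropy; in a jail it returns 2 without touching /dev/random, which is exactly the behaviour the thread argues for: the jail's host keeps harvesting and saving, while the per-jail bulk reads disappear.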
