svn commit: r239598 - head/etc/rc.d
Peter Jeremy
peter at rulingia.com
Wed Sep  5 21:27:49 UTC 2012

On 2012-Sep-05 02:12:48 +0100, RW <rwmaillists at googlemail.com> wrote:
>All of the low-grade entropy should go through sha256.
Overall, I like the idea of feeding the high-volume mixed quality
"entropy" through SHA-256 or similar.
>Anything written into /dev/random is passed by random_yarrow_write() 16
>bytes at a time into random_harvest_internal(), which copies it into a
>buffer and queues it up. If there are 256 buffers queued,
>random_harvest_internal() simply returns without doing anything.
This would seem to open up a denial-of-entropy attack on random(4):
All entropy sources feed into Yarrow via random_harvest_internal()
which queues the input into a single queue - harvestfifo.  When this
queue is full, further input is discarded.  If I run
  "dd if=/dev/zero of=/dev/random"
then harvestfifo will be kept full of NULs, resulting in other entropy
events (particularly from within the kernel) being discarded.  There
would still be a small amount of entropy from the get_cyclecount()
calls but this is minimal.
Is it worth splitting harvestfifo into multiple queues to prevent
this?  At least a separate queue for RANDOM_WRITE and potentially
separate queues for each entropy source.
-- 
Peter Jeremy
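
The starvation described in the message above, and the effect of the proposed per-source queues, as a small user-space C model. This is an added example, not FreeBSD kernel code and not part of the original message. Only the 256-entry limit and the names harvestfifo and RANDOM_WRITE come from the thread; the tick loop, drain interval, event rates and function names are assumptions.

```c
#include <stdio.h>

#define QUEUE_MAX 256  /* queue limit quoted in the thread */

/* Hypothetical source labels; SRC_WRITE stands in for RANDOM_WRITE. */
enum source { SRC_WRITE, SRC_KERNEL, SRC_COUNT };

struct fifo { int depth; };

/* Queue one event. Returns 1 if accepted, 0 if discarded because full. */
static int fifo_put(struct fifo *q)
{
    if (q->depth >= QUEUE_MAX)
        return 0;
    q->depth++;
    return 1;
}

/*
 * Model: on every tick a writer offers `flood` events and one kernel
 * event arrives; every `drain_every` ticks the consumer empties the
 * queue(s). split == 0 is one shared queue (the harvestfifo layout
 * described above), split == 1 gives each source its own queue.
 * Returns how many kernel events were accepted rather than discarded.
 */
int kernel_events_accepted(int split, int ticks, int flood, int drain_every)
{
    struct fifo q[SRC_COUNT] = { {0}, {0} };
    struct fifo *wq = &q[SRC_WRITE];
    struct fifo *kq = split ? &q[SRC_KERNEL] : wq;
    int accepted = 0;

    for (int t = 1; t <= ticks; t++) {
        for (int i = 0; i < flood; i++)
            fifo_put(wq);              /* writer events; excess is dropped */
        accepted += fifo_put(kq);      /* kernel event competes for space */
        if (t % drain_every == 0)
            q[SRC_WRITE].depth = q[SRC_KERNEL].depth = 0;
    }
    return accepted;
}

int main(void)
{
    /* Constructed rates: 16 writer events per tick, drain every 100 ticks. */
    printf("no writer, shared: %d/1000\n", kernel_events_accepted(0, 1000, 0, 100));
    printf("flood, shared:     %d/1000\n", kernel_events_accepted(0, 1000, 16, 100));
    printf("flood, split:      %d/1000\n", kernel_events_accepted(1, 1000, 16, 100));
    return 0;
}
```

In this model the shared queue fills within the first 16 ticks of each drain period and every later kernel event in that period is discarded, while the split layout confines the discards to the writer's own queue.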