From: Henrique de Moraes Holschuh <hmh@debian.org>
To: Matt Mackall <mpm@selenic.com>
Cc: Herbert Xu <herbert@gondor.hengli.com.au>,
"Theodore Ts'o" <tytso@mit.edu>, Michael Biebl <biebl@debian.org>,
587665@bugs.debian.org, linux-kernel@vger.kernel.org,
Petter Reinholdtsen <pere@hungry.com>
Subject: Re: [Pkg-sysvinit-devel] Bug#587665: Safety of early boot init of /dev/random seed
Date: Thu, 15 Jul 2010 20:33:05 -0300 [thread overview]
Message-ID: <20100715233305.GF27512@khazad-dum.debian.net> (raw)
In-Reply-To: <1278355233.9937.21.camel@calx>
On Mon, 05 Jul 2010, Matt Mackall wrote:
> > > Here are our questions:
> > >
> > > 1. How much data of unknown quality can we feed the random pool at boot,
> > > before it causes damage (i.e. what is the threshold where we violate the
> > > "you are not goint to be any worse than you were before" rule) ?
>
> There is no limit. The mixing operations are computationally reversible,
> which guarantees that no unknown degrees of freedom are clobbered when
> mixing known data.
Good. So, whatever we do, we are never worse off than we were before we did
it, at least by design.
> > > 2. How dangerous it is to feed the pool with stale seed data in the next
> > > boot (i.e. in a failure mode where we do not regenerate the seed file) ?
>
> Not at all.
>
> > > 3. What is the optimal size of the seed data based on the pool size ?
>
> 1:1.
We shall try to keep it at 1:1, then.
> > > 4. How dangerous it is to have functions that need randomness (like
> > > encripted network and partitions, possibly encripted swap with an
> > > ephemeral key), BEFORE initializing the random seed ?
>
> Depends on the platform. For instance, if you've got an unattended boot
> off a Live CD on a machine with a predictable clock, you may get
> duplicate outputs.
I.e. it is somewhat dangerous, and we should try to avoid it by design, so
we should try to init it as early as possible. Very well.
> > > 5. Is there an optimal size for the pool? Does the quality of the randomness
> > > one extracts from the pool increase or decrease with pool size?
>
> Don't bother fiddling with the pool size.
We don't, but local admins often do, probably in an attempt to better handle
bursts of entropy drainage. So, we do want to properly support non-standard
pool sizes in Debian if we can.
> > > Basically, we need these answers to find our way regarding the following
> > > decisions:
> > >
> > > a) Is it better to seed the pool as early as possible and risk a larger time
> > > window for problem (2) above, instead of the current behaviour where we
> > > have a large time window where (4) above happens?
>
> Earlier is better.
>
> > > b) Is it worth the effort to base the seed file on the size of the pool,
> > > instead of just using a constant size? If a constant size is better,
> > > which size would that be? 512 bytes? 4096 bytes? 16384 bytes?
>
> 512 bytes is plenty.
>
> > > c) What is the maximum seed file size we can allow (maybe based on size of
> > > the pool) to try to avoid problem (1) above ?
>
> Anything larger than a sector is simply wasting CPU time, but is
> otherwise harmless.
Well, a filesystem block is usually 1024 bytes, and a sector is 4096 bytes
nowadays... :-)
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
next prev parent reply other threads:[~2010-07-15 23:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20100630175615.2119.50822.reportbug@pluto.milchstrasse.xx>
[not found] ` <20100630184209.GA30971@khazad-dum.debian.net>
[not found] ` <4C2BCE88.20004@debian.org>
[not found] ` <20100630234016.GD18711@login1.uio.no>
[not found] ` <4C2BDCF0.5080203@debian.org>
[not found] ` <20100701141022.GA3811@login1.uio.no>
[not found] ` <20100701171357.GE4789@khazad-dum.debian.net>
[not found] ` <20100702064415.GE3811@login1.uio.no>
[not found] ` <20100702232919.GA14437@login2.uio.no>
[not found] ` <20100703012833.GA20929@khazad-dum.debian.net>
2010-07-03 15:16 ` Safety of early boot init of /dev/random seed Henrique de Moraes Holschuh
2010-07-03 16:08 ` [Pkg-sysvinit-devel] Bug#587665: " Henrique de Moraes Holschuh
2010-07-05 18:40 ` Matt Mackall
2010-07-15 23:33 ` Henrique de Moraes Holschuh [this message]
2010-07-16 2:41 ` Matt Mackall
2010-07-16 12:58 ` Henrique de Moraes Holschuh
2010-08-01 22:52 ` Christoph Anton Mitterer
2010-08-02 4:13 ` Henrique de Moraes Holschuh
2010-08-02 4:52 ` Matt Mackall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100715233305.GF27512@khazad-dum.debian.net \
--to=hmh@debian.org \
--cc=587665@bugs.debian.org \
--cc=biebl@debian.org \
--cc=herbert@gondor.hengli.com.au \
--cc=linux-kernel@vger.kernel.org \
--cc=mpm@selenic.com \
--cc=pere@hungry.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox