Re: [Tails-dev] Support EntropyKey?

Delete this message

Reply to this message
Autor: Jacob Appelbaum
Data:  
Dla: tails-dev
Temat: Re: [Tails-dev] Support EntropyKey?
Maxim Kammerer:
> On Mon, Nov 26, 2012 at 5:40 PM, Jacob Appelbaum <jacob@???> wrote:
>> On a recently installed laptop, I found that it had essentially zero sources
>> of entropy beyond the keyboard, the clock and the hostname.
>
> You forgot the CPU. Haveged makes all other approaches to gathering
> entropy pretty much irrelevant — for instance, try exhausting
> /proc/sys/kernel/random/entropy_avail on a system with running
> haveged. It is used in Tails since Apr 2010, and in Liberté since Apr
> 2011 (I think I added haveged after reading the PELD spec). HAVEGE is
> one of those really underappreciated academic projects.


I didn't forget the CPU though I don't believe the CPU is *certainly*
being used to generate entropy at LUKS setup time. I don't think that
haveged is running on the aforementioned laptop at OS install time; the
CPU does have the RDRAND flag in /proc/cpuinfo, though I am unclear if
the installer actually *extracts* anything random from the CPU.

The paper I cited demonstrates clearly that there are times that systems
become entropy starved and during asymmetric key generation, it is
fatal. Some systems *start* entropy starved, as noted in the paper. Keys
generated during this time for LUKS protected disks are probably not the
most entropic. Do you know if Debian or Ubuntu take advantage of RDRAND
or if they run haveged during debian-installer run time?

>
> “HAVEGE can reach an unprecedented throughput for a software
> unpredictable random number generator: several hundreds of megabits
> per second on current workstations and PCs.”
> http://www.irisa.fr/caps/projects/hipsor/
> http://www.irisa.fr/caps/projects/hipsor/misc.php
> http://www.irisa.fr/caps/projects/hipsor/publi.php
>


Sure, I specifically suggested installing the haveged package. It seems
like it might be an alright stopgap when there is no hardware RNG.
Ideally, I'd want to see a hardware RNG in the CPU, an external
HWRNG/TRNG, HAVEGE and the other normal sources of entropy that the
kernel pools. I'd also want to cache some random data to seed after a
reboot...

All the best,
Jake