Re: [Tails-dev] How to seed urandom (or not)?

This message is part of the following thread:
Mthe complete thread tree sorted by date
MJacob Appelbaum at <-
MPatrick Schleizer at ->
Delete this message

Reply to this message
Author: coderman
Date:  
To: The Tails public development discussion list
CC: David Goulet
Subject: Re: [Tails-dev] How to seed urandom (or not)?
On Fri, Aug 1, 2014 at 10:24 AM, Jacob Appelbaum <jacob@???> wrote:
> ...
> Sure - if we have entropy, we can seed anything. :)

*grin*




> How is that worse? The goal is entropy collectin. A public value is
> not entropic.

but a public value in addition to other predictable values maybe
provides an incremental increase in difficulty of attack. (i'll
provide tech citations later this eve)



> It may make sense to add entropy to the disk at install time from the
> installing computer.

this would fall into the persistence dependency category, but also
very much useful!




> The date is strictly better than no entropy at all. A date is a very
> small amount of entropy but probably it is not sufficient.

agreed.


> That does that work? If we have no entropy, we have no entropy.

i'm creating a matix of kernel versions and potential pre-init user
space seeding avenues available. this will explain it better.

odds low, but it could happen.




> We need both - we cannot known when one will not function as hardware
> may change on a per boot basis.

correct; this determination should be at inititialization: can rgnd
run? if yes, don't launch haveged.



> Could you explain the (unseeded) process for entropy collection in the
> kernel (3.14-1-amd64) in use on Tails? Assuming no haveged, rngd, etc.

will do.


best regards,

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] patch submission feature #7512Re: [Tails-dev] IRC (Was: Tails contributors meeting: Sunday August 3)->
lists.autistici.org administrated by postmasterLurker (version 2.3)