Hi,
intrigeri:
> Jurre:
>> Some of us have been working on creating a blueprint discussing certain
>> questions related to randomness in Tails.
> FTR it looks like:
> - The blueprint needs an update to take #15292 into account.
> - The current status on #11897 is "We still have to discuss this".
> So I don't think this blueprint currently has an up-to-date proposal
> that's ready to be reviewed or discussed. If I got it wrong, please
> let me know :)

A year later, I've updated that blueprint [1]. Main changes:

- Correctly reflect the currently supported methods for installing
  and running Tails.
- Mention the solutions that kurono and segfault have been
  working on.
- Mark as obsolete a proposed solution that was superseded by
  a better one for which we have actual code.

It made me realize that we've gotten somewhat stuck in a process that
has become obsolete. The initial goal of #11898 + this ticket + this
thread was to generate a document and proposals that we could get
audited by knowledgeable folks. I believe that's because back then, we
envisioned a novel, Tails-specific solution. But it turns out that we
don't really need to invent any wheel here: kurono and segfault wrote
code that demonstrates we have two ways to simply implement what's
commonly accepted as best practice (i.e. what most other operating
systems do): #11897.

Some implementation details differ (e.g. where exactly the persistent
seed is stored) but that's not particularly relevant from a security
design standpoint, and I don't think the original goal of this process
is still relevant: at this point, I don't really see what we would
need to ask the crypto community. I'm going to update Redmine so it
reflects my understanding of where we're at now.

If I got any of this wrong, I'll be happy to stand corrected.

I expect we'll reuse quite some bits of the blueprint when updating
the design doc for #11897, so thanks a lot to everyone who did the
research and the writing!

And it'll still be useful if we can get skilled folks to review the
actual implementation: a well established security design can be
erroneously implemented.

[1] https://tails.boum.org/blueprint/randomness_seeding/

Cheers,
--
intrigeri