On Tuesday 26 Jul 2011 15:01:33 Marcus Meissner wrote:
On Tue, Jul 26, 2011 at 09:35:33AM -0400, Jeff Mahoney wrote:
On 07/26/2011 08:34 AM, Marcus Meissner wrote:
Hi,
The reasoning to not have it enabled was the mimimal set of services running to reduce security attack surface and to enhance startup time.
We reviewed haveged for SLE 11, from a integrity security side it is ok.
We reviewed the randomness it generates briefly (!) and found no issues.
However ... the sheer amount of randomness it claims to generate feels a bit too good to be true to me.
It insanity rating is similar to using /dev/urandom, refering to a previous comment.
That said, we are fine with enabling it if people consider it necessary.
Hrm, if the quality is indistinguishable from /dev/urandom, why wouldn't we just pump from /dev/urandom when /dev/random runs out?
I just wanted to point out that it is hard to differ real entropy and pseudo randomness.
haveged claims to derive randomness from timer fluctuations in calculations and cache timings and cache flushings, and we used timer based randomness when feeding from network cards and human input devices.
As long as the CPUs don't have predictable timings in the used calculations currently haveged can be used for "real" entropy.
Ciao, Marcus
I believe it's also worth pointing out that haveged only feeds the data into the kernel, it does not manipulate the entropy estimate - therefore, even if someone were to hack or replace haveged with something that feeds the kernel non-random data, the kernel will simply not increase its entropy estimate. If there were actual issues where you could perform poisoning of the entropy pool in the kernel by feeding it non-random data, then you probably shouldn't be allowing non-root users to write /dev/random as far as I am aware, there aren't any such issues. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org