[opensuse] About generating a true random file and avoiding short reads
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm using this piece of code : dd iflag=fullblock if=/dev/random of=keyfile bs=512 count=8 to generate random file to be used as key for an encritped filesystem. However, the block does not appear to be fully random, because I recognize text patterns inside: 000000b0 af 60 31 79 02 9f f9 92 ad e5 a3 62 f2 72 39 f7 |.`1y.......b.r9.| 000000c0 3b 5c 9a 27 4e 30 54 be 34 32 02 ea 23 82 96 f3 |;\.'N0T.42..#...| 000000d0 88 5d 8d 3d 7e fe 16 d6 53 91 18 de b1 49 a8 21 |.].=~...S....I.!| See the "'N0T.42" there. Am I doing it wrong, or simply overreacting? - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlNT3ZUACgkQtTMYHG2NR9WWZQCeN0IHjyJLo+wT5jMN2Dk/5s+j Um8An2VjrYSQ9OnjHMyeHwWHYCUWq3S5 =c7G3 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 20/04/14 11:45, Carlos E. R. escribió:
See the "'N0T.42" there. Am I doing it wrong, or simply overreacting?
See: http://en.wikipedia.org/wiki/Apophenia :-) -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-04-20 17:04, Cristian Rodríguez wrote:
El 20/04/14 11:45, Carlos E. R. escribió:
See the "'N0T.42" there. Am I doing it wrong, or simply overreacting?
ACK! LOL. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNT4qIACgkQtTMYHG2NR9UPyQCghXrGwV9Unj5eN+BU6wowPXxu +xYAnR/Sq9Q4y1L4Y4M0fJrwydZcNL5q =hJDh -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/20/2014 04:45 PM, Carlos E. R. wrote:
dd iflag=fullblock if=/dev/random of=keyfile bs=512 count=8
Not directly related to your question, but interesting, too: http://www.2uo.de/myths-about-urandom/ Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Sun, 20 Apr 2014, Bernhard Voelker wrote:
On 04/20/2014 04:45 PM, Carlos E. R. wrote:
dd iflag=fullblock if=/dev/random of=keyfile bs=512 count=8
Not directly related to your question, but interesting, too: http://www.2uo.de/myths-about-urandom/
He makes it a bit too easy. Read the source! Anyone can read the comment at the start of /usr/src/linux/drivers/char/random.c instead of the manpage ('man 4 random'). And yes, SUSE saves the random seed to a file on shutdown/reboot and initializes the pool from on startup. -dnh, who just wildly moves the mouse when /dev/random blocks (as wildly typing is not always an option) -- (\__/) (='.'=) This is Bunny. Copy and paste Bunny into your (")_(") signature to help him gain world domination. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 20/04/14 13:34, David Haller escribió:
And yes, SUSE saves the random seed to a file on shutdown/reboot and initializes the pool from on startup.
Unfortunately yes, all linux distributions do this..and it is something that we should work on eliminating. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, Apr 20, 2014 at 01:56:02PM -0300, Cristian Rodríguez wrote:
El 20/04/14 13:34, David Haller escribió:
And yes, SUSE saves the random seed to a file on shutdown/reboot and initializes the pool from on startup.
Unfortunately yes, all linux distributions do this..and it is something that we should work on eliminating.
No, we should not. Just care needs to be taken that the same seed is not reused (in imaging/cloning machines) or similar. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-04-20 17:22, Bernhard Voelker wrote:
On 04/20/2014 04:45 PM, Carlos E. R. wrote:
dd iflag=fullblock if=/dev/random of=keyfile bs=512 count=8
Not directly related to your question, but interesting, too: http://www.2uo.de/myths-about-urandom/
True, interesting. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 04/20/2014 10:45 AM, Carlos E. R. wrote:
Hi,
I'm using this piece of code :
dd iflag=fullblock if=/dev/random of=keyfile bs=512 count=8
to generate random file to be used as key for an encritped filesystem. However, the block does not appear to be fully random, because I recognize text patterns inside:
000000b0 af 60 31 79 02 9f f9 92 ad e5 a3 62 f2 72 39 f7 |.`1y.......b.r9.| 000000c0 3b 5c 9a 27 4e 30 54 be 34 32 02 ea 23 82 96 f3 |;\.'N0T.42..#...| 000000d0 88 5d 8d 3d 7e fe 16 d6 53 91 18 de b1 49 a8 21 |.].=~...S....I.!|
See the "'N0T.42" there. Am I doing it wrong, or simply overreacting?
I immediately thought of "The Bible Code" http://en.wikipedia.org/wiki/The_Bible_Code_%28book%29 Try running it again and see if you get "marvin" or "Betlebrock" or something like that. Or even "Not.43" -- The two pillars of `political correctness' are, a) willful ignorance, and b) a steadfast refusal to face the truth -- George MacDonald Fraser -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sunday 20 of April 2014 16:45:28 Carlos E. R. wrote:
Hi,
I'm using this piece of code :
dd iflag=fullblock if=/dev/random of=keyfile bs=512 count=8
to generate random file to be used as key for an encritped filesystem. However, the block does not appear to be fully random, because I recognize text patterns inside:
000000b0 af 60 31 79 02 9f f9 92 ad e5 a3 62 f2 72 39 f7 |.`1y.......b.r9.| 000000c0 3b 5c 9a 27 4e 30 54 be 34 32 02 ea 23 82 96 f3 |;\.'N0T.42..#...| 000000d0 88 5d 8d 3d 7e fe 16 d6 53 91 18 de b1 49 a8 21 |.].=~...S....I.!|
See the "'N0T.42" there. Am I doing it wrong, or simply overreacting?
This is the output of stan with your data as input: General statistics for the stream, bytes 48 Arithmetic mean: 123.583333 ~ 0x7b({) Median: 121.000000 ~ 0x79(y) Deviation: 73.069269 ~ 0x49(I) Chi-Square test: 178.472059 Entropy per byte: 5.543296 Correlation co.: -0.228702 Pattern length 1, different 47, total 48, bytes 48, depth 9 - Pattern range 0x02( ): 0x00000002 - 0xfe( ): 0x00000001 - 10 most used patterns 0x02( ): 0x00000002 0xaf( ): 0x00000001 0x60(`): 0x00000001 0x31(1): 0x00000001 0x27('): 0x00000001 0x23(#): 0x00000001 0x16( ): 0x00000001 0x18( ): 0x00000001 0x21(!): 0x00000001 0x30(0): 0x00000001 Pattern length 2, different 47, total 47, bytes 48, depth 8 - Pattern range 0x029f( ): 0x00000001 - 0xfe16( ): 0x00000001 - 10 most used patterns 0xaf60( `): 0x00000001 0x6031(`1): 0x00000001 0x3179(1y): 0x00000001 0x029f( ): 0x00000001 0x274e('N): 0x00000001 0x02ea( ): 0x00000001 0x2382(# ): 0x00000001 0x16d6( ): 0x00000001 0x18de( ): 0x00000001 0x3054(0T): 0x00000001 Entropy per byte seems high enough, so it is random data for most purposes. If you suspect that your computer generates low amount of entropy, try haveged. -- Regards, Peter -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Anton Aylward -
auxsvr@gmail.com -
Bernhard Voelker -
Carlos E. R. -
Carlos E. R. -
Cristian Rodríguez -
David Haller -
Marcus Meissner