Looking at the fallout in Debian from fixing CVE-2018-1108, quite a few systems take unreasonably long to gather entropy
-
-
Replying to @benhutchingsuk
unless you have a threat model in which an attacker can read root-only files from your disk, you could teach the boot entropy thingie to persist your entropy count?
1 reply 0 retweets 0 likes -
Replying to @tehjh @benhutchingsuk
use getrandom() to read the entropy to be persisted (so you know it's guaranteed to be cryptographically random), then after reading it back on boot, bump the entropy counter by 128
2 replies 0 retweets 0 likes -
Replying to @tehjh
Now if only we'd thought to put that in the default install 18 months ago...
2 replies 0 retweets 0 likes -
Replying to @benhutchingsuk @tehjh
If there's already packaged code to do that, we can recommend installing/enabling it, but implementing an entirely new service isn't really an option for a stable update
1 reply 0 retweets 0 likes -
Replying to @benhutchingsuk
could you patch systemd-random-seed.service to behave a little differently?
1 reply 0 retweets 1 like -
-
Replying to @benhutchingsuk @tehjh
OK, so at some point we have to store some entropy for use at the next boot. Currently systemd does that immediately after seeding, by reading back from /dev/urandom. This doesn't seem cryptographically sound, but I can't claim to fully understand the implications.
2 replies 0 retweets 0 likes -
Replying to @benhutchingsuk
doesn't it do it both on boot (as a fallback) and on shutdown (normal)?
1 reply 0 retweets 0 likes -
Replying to @tehjh @benhutchingsuk
$ systemctl show systemd-random-seed.service | grep ExecStop ExecStop={ [...] argv[]=/lib/systemd/systemd-random-seed save [...]
1 reply 0 retweets 0 likes
so yeah, systemd already does that. which is also exactly what the kernel sources recommend: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c#n162 …
-
-
Replying to @tehjh @benhutchingsuk
except that for the code executed on boot to actually work properly, you'd have to use the new RNDRESEEDCRNG ioctl
0 replies 0 retweets 1 likeThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.