[Pkg-sysvinit-devel] Bug#455230: Bug#455230: /etc/init.d/urandom: please consider doing dmesg > /dev/random at startup

Henrique de Moraes Holschuh hmh at debian.org
Thu Dec 13 13:32:26 UTC 2007


On Wed, 12 Dec 2007, Marc Haber wrote:
> On Wed, Dec 12, 2007 at 05:45:55PM -0200, Henrique de Moraes Holschuh wrote:
> > On Sun, 09 Dec 2007, Marc Haber wrote:
> > > during a discussion on the LKML, it was suggested to do "dmesg >
> > > dev/random" in the startup scripts of a distribution.  Please
> > > consider doing this in Debian.
> > 
> > Debian already seeds /dev/random with data from the last shutdown.  And
> > there is little entropy in dmesg.  Maybe we could do dmesg | gzip, to
> > increase the entropy per bit of data a lot, but it still doesn't help much:
> > since the output of dmesg doesn't change much from one boot to the next
> > one, that could open an avenue of attack on the initial state of the PRNG.
> > 
> > Exactly why do you want to do this?
> 
> Ted suggested this to get some system-dependent information (for
> example, the MAC address) into the entropy pool to avoid identical
> systems to be seeded identically.

Sounds good for the install that creates the first seed, as long as you pipe
dmesg through gzip -9 first.  Please clone this bug against the relevant
package (I don't know which one it is, nowadays :-().

However, in order to use it on anything but the install, we *must* be sure
that it will not dominate the entropy pool state, since it is not that
random.  We can't just cat it into /dev/random, it has to be added to the
entropy pool.

I'd advocate a small C or perl script that gets the kernel ring buffer
(dmesg output), gzips it with the highest compression level (any *good*
compression engine would do, actually), runs sha-512 on it to further
increase the entropy per bit and also to avoid dominating the pool with a
large write, and then feeds the *binary* output of the sha-512 into the
random pool, claiming 5% entropy per bit (this is an IOCTL call on
/dev/random).

One could probably skip the gzip, but I'd leave it there just in case.

That should be safe enough to do at every boot.  And of course, it has to
live in /sbin or /bin, so it is probably easier to make it a small C
utility.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
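
The pipeline proposed in the message above (ring buffer, gzip -9, SHA-512, then an entropy-crediting ioctl on /dev/random), as an added Python sketch that is not part of the original post and not Debian's code. The function names are hypothetical, zlib level 9 stands in for gzip -9, and the ioctl is assumed to be RNDADDENTROPY from `<linux/random.h>`, which requires root.

```python
import fcntl
import hashlib
import struct
import subprocess
import zlib

# _IOW('R', 0x03, int[2]) from <linux/random.h>. This encoding holds on
# x86 and ARM; a few architectures encode ioctl numbers differently.
RNDADDENTROPY = 0x40085203
CREDIT_PER_BIT = 0.05  # the 5% claim suggested in the message


def condense(ring_buffer: bytes) -> bytes:
    """Compress at the highest level, then hash down to 64 bytes so the
    write into the pool stays small whatever the size of the log."""
    return hashlib.sha512(zlib.compress(ring_buffer, 9)).digest()


def pool_request(digest: bytes, credit: float = CREDIT_PER_BIT) -> bytes:
    """Pack struct rand_pool_info {int entropy_count; int buf_size; buf[]}.
    entropy_count is in bits, buf_size in bytes."""
    if not 0.0 <= credit <= 1.0:
        raise ValueError("credit must be a fraction between 0 and 1")
    bits = int(len(digest) * 8 * credit)  # round down, never over-claim
    return struct.pack("ii", bits, len(digest)) + digest


def seed_from_dmesg() -> int:
    """Mix the hashed ring buffer into the pool; returns the credited bits."""
    log = subprocess.run(["dmesg"], check=True, capture_output=True).stdout
    req = pool_request(condense(log))
    with open("/dev/random", "wb") as dev:  # ioctl needs CAP_SYS_ADMIN
        fcntl.ioctl(dev, RNDADDENTROPY, req)
    return struct.unpack_from("i", req)[0]


if __name__ == "__main__":
    print("credited", seed_from_dmesg(), "bits")
```

With a 64-byte digest and a 5% claim the request credits 25 bits, so a log that barely changes between boots cannot account for more than a small share of the pool's estimated entropy.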




