[LEDE-DEV] LEDE re-saving entropy in /etc/urandom.seed only seconds after each boot?

Eric Luehrsen ericluehrsen at hotmail.com
Sun Feb 19 10:23:10 PST 2017 

A random seed doesn't need to be stored all that often. Statistical 
randomness or entropy is a physics concept more so than security 
(quantum physics, Heisenberg). As long as the random seed is generated 
with respect to the devices unique perspective within the universe 
including time reference that perspective is seen, then no other device 
should have the same seed.

This is a greatly over simplified outline. Assuming a good hash 
algorithm this could be accomplished in a few steps. Permanent Static 
Seed: hash all the known physically identifying unique and non-unique 
things you can find on the device (CPUID, MAC, OS Release); save it for 
convenience even though you could redo. Permanent Dynamic Seed: hash the 
static seed with first time dynamic events. ... the first DHCP WAN 
address and time it was received, back corrected by true time using NTP, 
and NTP time that was first adjusted, and, and, and, ... save that. 
Session Dynamic Seed: using the permanent dynamic seed to start redo the 
dynamic time based hash every new session, reboot, or VM launch. Don't 
save this; redo it fresh. Each step checked for statistical anomalies 
(suppose all 0xA5) and take some fix-up path. But this should show how 
to have random data for a unique device that is unique for that devices 
own timeline. You should not need to overuse the flash.

On 02/18/2017 06:03 PM, Etienne Champetier wrote:
> Hi Kostas,
>
> In general you should always add lede-dev so that more people can
> answer and/or benefit from the answer
>
> 2017-02-18 13:38 GMT-08:00 Kostas Papadopoulos <kpapad75 at travelguide.gr>:
>>
>>
>> Etienne/John, I'd like to say that I very much appreciate your contributions
>> to OpenWrt/LEDE on improving its security, but I have a question about the
>> relatively new LEDE feature that saves entropy once into /etc/urandom.seed
>> (default) and then re-seeds the pool at every boot.
>
> This default of saving a seed only once was chosen to not write too
> often to the flash and damage the user router without the user
> consent,
> but it still help to have all same model routers (with same firmware)
> to not share the same state (after the second boot)
>
>>
>> My other systems (Debian, Ubuntu) re-save entropy at every shutdown and
>> re-seed the pool at every boot.
>>
>> If I enable (by configuring a path to the file /etc/urandom.seed) entropy
>> re-saving in LEDE, it re-saves entropy only a few seconds after every
>> reboot. But it's hardly enough time for new entropy to accumulate, isn't it?
>
> We are using the getrandom syscall which gives this promise
> http://man7.org/linux/man-pages/man2/getrandom.2.html
> "getrandom() will block until the entropy pool has been initialized"
> So my answer is: it's enough according to the kernel devs (and if it's
> not enough it's a bug on the kernel side that need to be fixed)
>
>>
>> Is there a new solution in the works that does preserves entropy between
>> shutdowns, as the other Linux distros do?
>
> We save the seed on startup because you can't rely on clean
> shutdown/reboot in the embedded world (people often unplug/replug the
> power to reboot)
> Also saving on startup or shutdown doesn't make any difference as long
> as the entropy pool has been initialized (that's getrandom promise)
>
> So for me, by setting 'urandom_seed' config to a file
> (/etc/urandom.seed) you "preserve enough entropy" between restart, and
> it's equivalent to what other distro do (save a seed / restore it)
>
> Small disclaimer, I'm not a security expert and this is only my
> understanding on the subject
>
> Regards
> Etienne
>
>>
>> Thank you in advance for your consideration,
>>
>> KP
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
>

More information about the Lede-dev mailing list