[LEDE-DEV] LEDE re-saving entropy in /etc/urandom.seed only seconds after each boot?
Etienne Champetier
champetier.etienne at gmail.com
Sun Feb 19 13:10:11 PST 2017
Hi Eric,
2017-02-19 10:23 GMT-08:00 Eric Luehrsen <ericluehrsen at hotmail.com>:
> A random seed doesn't need to be stored all that often. Statistical
> randomness or entropy is a physics concept more so than security
> (quantum physics, Heisenberg). As long as the random seed is generated
> with respect to the devices unique perspective within the universe
> including time reference that perspective is seen, then no other device
> should have the same seed.
Saving a seed 1 time prevent 2 routers from having the same state,
but you have almost the same state for 1 router across electrical
reboot (you often don't have RTC)
>
> This is a greatly over simplified outline. Assuming a good hash
> algorithm this could be accomplished in a few steps. Permanent Static
> Seed: hash all the known physically identifying unique and non-unique
> things you can find on the device (CPUID, MAC, OS Release); save it for
> convenience even though you could redo. Permanent Dynamic Seed: hash the
> static seed with first time dynamic events. ... the first DHCP WAN
> address and time it was received, back corrected by true time using NTP,
> and NTP time that was first adjusted, and, and, and, ... save that.
> Session Dynamic Seed: using the permanent dynamic seed to start redo the
> dynamic time based hash every new session, reboot, or VM launch. Don't
> save this; redo it fresh. Each step checked for statistical anomalies
> (suppose all 0xA5) and take some fix-up path. But this should show how
> to have random data for a unique device that is unique for that devices
> own timeline. You should not need to overuse the flash.
Many softwares need some random bits on startup, not everyone use
DHCP, and NTP sync might happen after many program startup.
The only thing that change in all you list is time (you often get the
same IP via DHCP), so not much entropy.
Saving a seed each time is simple and safe, and I personally (and i
hope many others) have multiple month uptime on my routers, so I'm not
overusing the flash
Regards
Etienne
>
> On 02/18/2017 06:03 PM, Etienne Champetier wrote:
>> Hi Kostas,
>>
>> In general you should always add lede-dev so that more people can
>> answer and/or benefit from the answer
>>
>> 2017-02-18 13:38 GMT-08:00 Kostas Papadopoulos <kpapad75 at travelguide.gr>:
>>>
>>>
>>> Etienne/John, I'd like to say that I very much appreciate your contributions
>>> to OpenWrt/LEDE on improving its security, but I have a question about the
>>> relatively new LEDE feature that saves entropy once into /etc/urandom.seed
>>> (default) and then re-seeds the pool at every boot.
>>
>> This default of saving a seed only once was chosen to not write too
>> often to the flash and damage the user router without the user
>> consent,
>> but it still help to have all same model routers (with same firmware)
>> to not share the same state (after the second boot)
>>
>>>
>>> My other systems (Debian, Ubuntu) re-save entropy at every shutdown and
>>> re-seed the pool at every boot.
>>>
>>> If I enable (by configuring a path to the file /etc/urandom.seed) entropy
>>> re-saving in LEDE, it re-saves entropy only a few seconds after every
>>> reboot. But it's hardly enough time for new entropy to accumulate, isn't it?
>>
>> We are using the getrandom syscall which gives this promise
>> http://man7.org/linux/man-pages/man2/getrandom.2.html
>> "getrandom() will block until the entropy pool has been initialized"
>> So my answer is: it's enough according to the kernel devs (and if it's
>> not enough it's a bug on the kernel side that need to be fixed)
>>
>>>
>>> Is there a new solution in the works that does preserves entropy between
>>> shutdowns, as the other Linux distros do?
>>
>> We save the seed on startup because you can't rely on clean
>> shutdown/reboot in the embedded world (people often unplug/replug the
>> power to reboot)
>> Also saving on startup or shutdown doesn't make any difference as long
>> as the entropy pool has been initialized (that's getrandom promise)
>>
>> So for me, by setting 'urandom_seed' config to a file
>> (/etc/urandom.seed) you "preserve enough entropy" between restart, and
>> it's equivalent to what other distro do (save a seed / restore it)
>>
>> Small disclaimer, I'm not a security expert and this is only my
>> understanding on the subject
>>
>> Regards
>> Etienne
>>
>>>
>>> Thank you in advance for your consideration,
>>>
>>> KP
>>
>> _______________________________________________
>> Lede-dev mailing list
>> Lede-dev at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev
>>
More information about the Lede-dev
mailing list