[OpenWrt-Devel] [PATCH 0/4] add μrngd: true RNG based on timing jitter

Petr Štetiar ynezz at true.cz
Tue May 28 02:37:48 PDT 2019


Rosen Penev <rosenp at gmail.com> [2019-05-27 19:19:53]:

Hi,

> Tested this on both mt7621 and Turris Omnia. Works pretty well. Init
> gets done fast.

Thanks a lot for testing. Could you please reply with your Tested-by next time,
so that patchwork can add the tag to the patch automatically?

> The Turris people might want something like this or they need to fix haveged
> to run earlier.

I've been recommended haveged many times (by someone from nic.cz as well), so
my initial idea was to simply give it a go and create uhaveged, but I quickly
came to the conclusion that it wouldn't work for OpenWrt for many reasons, which
I've already forgotten, but I think it wasn't a truly multiplatform solution due
to some compiler/assembly magic.

Then I simply found out that haveged is no longer considered good
enough[1] by the security community:

 Also the use of `haveged` is recommended, which is a bad idea as this daemon
 can create blocking situations during key generation effectively creating a
 deadlock and thus security problems. haveged's design is from 2002, it has
 never been audited, there're only papers by the original authors available.

Even Andre Seznec, one of the main HAVEGE authors, stated the following[2]:

 He also pointed out a security warning: with some VMs, the hardware cycles
 counter is emulated and deterministic, and thus predictable[3]. He therefore
 does not recommend using HAVEGE on those systems.

So I started looking at other options and, luckily enough, I found out about
this KISS jitter RNG.

1. https://lists.cert.at/pipermail/ach/2017-May/002251.html
2. https://github.com/BetterCrypto/Applied-Crypto-Hardening/commit/cf7cef7a870c1b77089b1bd6209ded6525b5a4e0#commitcomment-23006392
3. https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02

-- ynezz 