Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

On Sat, 14 Dec 2013, Robert Millan wrote:
> "we are going to backtrack and remove RDRAND and Padlock backends and feed
> them into Yarrow instead of delivering their output directly to /dev/random.

Yeah, I think Linux went through similar blindness braindamage some time ago,
but blind trust in rdrand has been fixed for a long time now, and it never
trusted any of the other HRNGs (or used them for anything at all without a
trip through "rng-tools" userspace until v3.12).

> Advice from Security Team would be appreciated in order to determine which
> action needs to be taken in Debian.

IMO, Debian kernels ought to never blindly trust RDRAND, or any other HRNG,
for anything related to /dev/random.

Note that the kernel can trust such in-cpu, high-bandwidth/low-latency HRNGs
for other uses that are not related to key material (such as to implement

> kfreebsd 8.3 and 9.0 (wheezy):
> 	Sets Via chipset to serve /dev/random unconditionally whenever detected,
> 	but only on i386 (not amd64). Does not support Intel entropy source.
> 	(see sys/dev/random/probe.c)

Backporting the fix to these kernels might be a good idea, probably best
routed through a stable update upload (and not a security upload).

> kfreebsd 9.2 (jessie / sid):
> 	Sets Via or Intel chipset to serve /dev/random when detected,
> 	unless hw.nehemiah_rng_enable or hw.ivy_rng_enable are set to zero
> 	to disable them.

Remove, switch to kfreebsd 10.  Either that, or backport the fix from
kfreebsd 10.

> kfreebsd 10~ (sid):
> 	All versions in Debian already have the fixed code, which replaces
> 	random_adaptor_register() with live_entropy_source_register(), thereby
> 	registering Via and Intel chips as "entropy sources" to be post
> 	processed by Yarrow, rather than directly as "random adaptors".

Quite acceptable, as it means we'd have the same policy across Linux and

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
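
An added illustration (not part of the original message, and not FreeBSD or Linux code) of the difference discussed above between serving a hardware RNG's output directly and registering it as one entropy source to be post-processed. The pool is a simplified SHA-256 construction standing in for Yarrow, and `BiasedHRNG`, `MixingPool`, `direct_adaptor` and `pooled_output` are hypothetical names.

```python
import hashlib


class BiasedHRNG:
    """Constructed stand-in for a hardware RNG whose output a third party can predict."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def read(self, n: int) -> bytes:
        # Deterministic stream: anyone who knows the seed can reproduce it.
        self.counter += 1
        block = hashlib.sha256(self.seed + self.counter.to_bytes(8, "big"))
        return block.digest()[:n]


def direct_adaptor(hrng: BiasedHRNG, n: int = 16) -> bytes:
    """'Random adaptor' style: hardware output reaches the reader unchanged."""
    return hrng.read(n)


class MixingPool:
    """Simplified hash pool (assumption: NOT Yarrow itself, only the mixing idea)."""

    def __init__(self):
        self.state = bytes(32)
        self.reads = 0

    def add_entropy(self, source_id: int, data: bytes) -> None:
        # Absorb every source into the state; no single source determines it.
        header = bytes([source_id]) + len(data).to_bytes(2, "big")
        self.state = hashlib.sha256(self.state + header + data).digest()

    def read(self, n: int = 16) -> bytes:
        self.reads += 1
        tag = b"out" + self.state + self.reads.to_bytes(8, "big")
        out = hashlib.sha256(tag).digest()[:n]
        # Ratchet the state so earlier outputs cannot be recomputed from it.
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def pooled_output(hrng: BiasedHRNG, other_sources, n: int = 16) -> bytes:
    """'Entropy source' style: the HRNG is one input among several."""
    pool = MixingPool()
    pool.add_entropy(0, hrng.read(32))
    for i, sample in enumerate(other_sources, start=1):
        pool.add_entropy(i, sample)
    return pool.read(n)
```

With the direct design, knowing the HRNG's internal state is enough to reproduce what a reader of the device receives; with the pooled design the output also depends on every other sample that was mixed in.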
