--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: kdebase: kdm should NOT use /dev/urandom -- doing so deliberately weakens the security of the system
- From: Branden Robinson <branden@debian.org>
- Date: Sat, 27 Aug 2005 23:45:39 -0500
- Message-id: <20050828044539.1FED968C053@sisyphus.deadbeast.net>
Package: kdebase
Version: 4:3.4.2-1
Severity: important
Tags: security
I strenuously disagree with the upstream decision taken to point kdm at
/dev/urandom instead of /dev/random for entropy.
Using /dev/urandom is fine for unserious application that need a source of
(pseudo-)random numbers, such as games.
Display managers like kdm and xdm do not read /dev/random for frivolous
purposes, however -- they use it to get a seed for a session authorization
key (in the case of xdm, for the XDM-AUTHORIZATION-1 protocol, and maybe
MIT-MAGIC-COOKIE-1 as well).
A few years ago someone (maybe it was me, I don't remember) wrote a patch
to xdm that implements a "randomStream" resource -- older version of xdm,
from which kdm was forked a long time ago, used "/dev/mem" as its entropy
source, and as that file was not anywhere to close to entropic, the code
would read 8MB of data and hash it.
Reading 8MB from /dev/random is indeed stupid -- but reading that much data
from /dev/urandom instead is not the right fix. The right fix is to read
only the data you need from a known entropic source. In the case of xdm
(and almost certainly kdm), that's just a few bytes.
Reading the bits for the crypto key from /dev/urandom might be fine for
distributions like Linspire that run the graphical desktop as root by
default, but it's not for us. We should be as secure as we can reasonably
be by default.
Once #76336 was fixed, the complaints I was getting about xdm taking
"forever" to start ceased.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76336;archive=yes
If you'd like to discuss this further, I suggest the debian-devel mailing
list. It may be that most people disagree with me, though I hope not.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
- To: 325369-done@bugs.debian.org
- Subject: Re: kdebase: kdm should NOT use /dev/urandom -- doing so deliberately weakens the security of the system
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Wed, 13 Jun 2007 22:38:37 +0200
- Message-id: <20070613203837.GA14301@galadriel.inutil.org>
- In-reply-to: <20050828044539.1FED968C053@sisyphus.deadbeast.net>
- References: <20050828044539.1FED968C053@sisyphus.deadbeast.net>
Branden Robinson wrote:
> Package: kdebase
> Version: 4:3.4.2-1
> Severity: important
> Tags: security
>
> I strenuously disagree with the upstream decision taken to point kdm at
> /dev/urandom instead of /dev/random for entropy.
>
> Using /dev/urandom is fine for unserious application that need a source of
> (pseudo-)random numbers, such as games.
Linux' PRNG provides quality randomization for /dev/urandom, it's not
comparable with /dev/urandom from legacy Unix clones. See random(4) for
details. Plus, it's non-blocking.
Cheers,
Moritz
--- End Message ---