Re: Where to put start-up and shutdown code from `man 4 random`?
On Fri, 11 Jul 2014, Kynn Jones wrote:
> The documentation in `man 4 random` (**Configuration** section) gives a
> couple of shell-script snippets that it recommends should be added,
> respectively, "to an appropriate script which is run during the Linux
> start-up sequence" and "to an appropriate script which is run during the
> Linux system shutdown". (It is silent on what those "appropriate scripts"
> should be.)
Debian already does this properly in sysvinit mode. So Debian wheezy is
covered. Refer to /etc/init.d/urandom
For Debian jessie and sid, I haven't audited the systemd stuff to make sure
this thing actually runs when it should, but there is code to initialize the
random pool in systemd (file src/random-seed/random-seed.c). It looks like
it does a slightly worse job than the sysvinit shell script (fails to mix in
high-res current time), but this is should be harmless on recent kernels
(which have a much better random subsystem initialization).
systemd could be enhanced to do a lot better: mix in clock_gettime() output,
and other variable and machine-specific data such as the kernel and systemd
logbuffer, as well any other not-security-sensitive systemd state, all of it
compressed[1] through a crypto hash. This is _NOT_ to "add randomness",
although it will have a little entropy. This is a best-effort defense
against equal pool state between otherwise nearly identical boxes[2], and it
is valuable even when the kernel already tried to do it.
[1] think of it as a extremely lossy compression: we only care to retain
the entropy in the source data.
[2] http://eprint.iacr.org/2012/064, https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: