Re: fix for no ssh

To: debian-user@lists.debian.org
Subject: Re: fix for no ssh
From: Curt <curty@free.fr>
Date: Mon, 8 Jul 2019 16:18:28 -0000 (UTC)
Message-id: <[🔎] slrnqi6r6k.21v.curty@einstein.electron.org>
References: <[🔎] 201907071029.23210.gheskett@shentel.net> <[🔎] a0d958a0a2649252c0997acd0630d83ed0ef6b1a.camel@yxit.co.uk> <[🔎] 20190707164348.k3txnfamgaupmzam@localhost> <[🔎] CAJmb-Ykzu=icMr3Zk-U41Ur_tSKqObuJ5C0jNi4my5UchhBYgg@mail.gmail.com> <[🔎] 20190708065440.hrxbo4e3752rbqpv@localhost> <[🔎] slrnqi61jg.21v.curty@einstein.electron.org> <[🔎] 20190708101816.md42tm7u2v57pm6u@localhost> <[🔎] slrnqi6leg.21v.curty@einstein.electron.org> <[🔎] 20190708153110.GQ2450@eeg.ccf.org>

On 2019-07-08, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
>
> I don't have any opinions at this time about the trustworthiness of
> various x86 CPU RDRAND instructions, but...

Well, looking at Ted Ts'o short patch, where he mentions the security
implications of the thing at some length, *twice*---once in the "intro"
I quoted, and once again in the comments of the patch itself, where he
says

 Since this is not something that can be independently audited, this
 amounts to trusting that CPU manufacturer (perhaps with the insistence
 or mandate of a Nation State's intelligence or law enforcement
 agencies) has not installed a hidden back door to compromise the CPU's
 random number generation facilities.

and reading the following from Ts'o circa 2013:

https://daniel-lange.com/documents/130905_Ted_Tso_on_RDRAND.pdf

 I am so glad I resisted pressure from Intel engineers to let /dev/random
 rely only on the RDRAND instruction.   To quote from the article below:
"By this year, the Sigint Enabling Project had found ways inside some of
 the encryption chips that scramble information for businesses and
 governments, either by working with chipmakers to insert back doors...."
 Relying solely on the hardware random number generator which is using an
 implementation sealed inside a chip which is impossible to audit is a
 BAD idea
(quoted article "N.S.A. Foils Much Internet Encryption" from nytimes.com)

the opinion I form is this is dishonest and wrong of Debian, *as things
now stand and to my knowledge of the workaround and the Buster
release-notes describing it*, to implement a default, exclusive reliance
on the RNG of a closed-source, black-box cpu, without clearly spelling
out the grave security concerns attached to this reliance (I'd like to
see a direct quote of Theodore Ts'o in the release-notes, who, after
all, is the authority in this matter.

> What on earth happened to simply saving entropy on disk across reboots?

This is the very "insecurity" (entropy saved across boot) which systemd
strived to get rid of, as I understand it (thus the problem).

-- 
"These findings demonstrate that under appropriate conditions the isolated,
intact large mammalian brain possesses an underappreciated capacity for
restoration of microcirculation and molecular and cellular activity after a
prolonged post-mortem interval." From a recent article in *Nature*. Holy shit.

Reply to:

Follow-Ups:
- Re: fix for no ssh
  - From: Andy Smith <andy@strugglers.net>

References:
- fix for no ssh
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fix for no ssh
  - From: Tixy <tixy@yxit.co.uk>
- Re: fix for no ssh
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: fix for no ssh
  - From: Nicholas Geovanis <nickgeovanis@gmail.com>
- Re: fix for no ssh
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: fix for no ssh
  - From: Curt <curty@free.fr>
- Re: fix for no ssh
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: fix for no ssh
  - From: Curt <curty@free.fr>
- Re: fix for no ssh
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

Prev by Date: Re: fix for no ssh
Next by Date: Re: fix for no ssh
Previous by thread: Re: fix for no ssh
Next by thread: Re: fix for no ssh
Index(es):
- Date
- Thread