Re: svn commit: r239569 - head/etc/rc.d

Board: FB_security, posted 2012/09/11 05:01
On 9/10/2012 1:28 PM, Dag-Erling Smørgrav wrote:
> Doug Barton <dougb@FreeBSD.org> writes:
>> 3. Write a script to reboot, and once the system is fully booted do 'dd
>> if=/dev/random of=saved-random-out.$i count=4096' then reboot again
>> immediately. Values of i from 1 to 10,000 ought to do it.
>> 4. sha256 the saved-random-out files and see how many duplicates there are.
>
> I doubt there will be any exact duplicates, but closer statistical
> analysis might reveal a slight bias. For instance, if my intuition
> serves, the Hamming distance between any pair of samples, when averaged
> over a large number of samples, should be half the sample length. I'm
> sure a professional statistician or cryptanalyst could come up with more
> accurate ways of detecting bias.

Arthur's assertion was a high statistical likelihood of exact
duplicates. His words were something like, "I'm sure we would see the
exact same ssh keys generated." I agree with you that more thorough
analysis would be useful, but what I'm looking for is proof of Arthur's
precise assertion.

> The script in question, by the way, could simply be a few extra lines at
> the end of /etc/rc.d/initrandom;

No, that would specifically _not_ be an acceptable test. The only valid
test is after the system is fully booted, both to take rc.d/random into
account, and to allow for initial hardware entropy gathering to have
full effect.

Remember, the assertion that David and Arthur are making is that
re-using the files in /var/db/entropy is harmful.

--
I am only one, but I am one. I cannot do everything, but I can do
something. And I will not let what I cannot do interfere with what
I can do.
        -- Edward Everett Hale, (1822 - 1909)

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
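The two checks discussed in this message (the SHA-256 duplicate count from step 4 and the averaged pairwise Hamming distance), as an added example that is not part of the original e-mail. The function names are illustrative assumptions; only the saved-random-out.* file naming comes from the message.

```python
import glob
import hashlib
import itertools
from collections import Counter


def duplicate_count(samples):
    """Samples whose SHA-256 digest equals that of an earlier sample."""
    digests = Counter(hashlib.sha256(s).digest() for s in samples)
    return sum(n - 1 for n in digests.values())


def hamming(a, b):
    """Bit-level Hamming distance between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("samples must have equal length")
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


def mean_hamming_fraction(samples):
    """Mean pairwise Hamming distance as a fraction of the sample length.

    Close to 0.5 for unbiased, independent samples; 0.0 if all are equal.
    """
    if len(samples) < 2 or not samples[0]:
        raise ValueError("need at least two non-empty samples")
    total = pairs = 0
    for a, b in itertools.combinations(samples, 2):
        total += hamming(a, b)
        pairs += 1
    return total / (pairs * len(samples[0]) * 8)


def load_samples(pattern="saved-random-out.*"):
    """Read the dd output files, named as in the message."""
    samples = []
    for path in sorted(glob.glob(pattern)):
        with open(path, "rb") as fh:
            samples.append(fh.read())
    return samples


if __name__ == "__main__":
    samples = load_samples()
    if len(samples) < 2:
        # Constructed stand-in data so the script runs without a test rig.
        samples = [hashlib.sha256(bytes([i])).digest() for i in range(64)]
    print("samples:", len(samples))
    print("exact duplicates:", duplicate_count(samples))
    print("mean Hamming fraction: %.4f" % mean_hamming_fraction(samples))
```

The pairwise loop is quadratic in the number of files, so for the 10,000 reboots proposed above it is practical to run it on a random subset.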
Article ID (AID): #1GJbKGBZ (FB_security)