[Cryptography] where shall we put the random-seed?

Jason Cooper cryptography at lakedaemon.net
Wed Jan 4 14:26:51 EST 2017


Hi Ted,

On Mon, Jan 02, 2017 at 06:09:36PM -0500, Theodore Ts'o wrote:
> On Mon, Jan 02, 2017 at 08:21:16PM +0000, Jason Cooper wrote:
> > Well, I disagree.  I'd prefer not to give up just because the rest of it
> > is crappy.  It may not always be that way.  We should fix what we have
> > the power to fix as soon as we can.  Especially with the long deployment
> > cycles of embedded systems.
> 
> It's not a matter of giving up; I'm just questioning your assumption
> that there won't be regular clean shutdowns.

Ok, I see what you were after.  The random-seed may be no-credit, but
once it's been saved with entropy pool >128 bits, then the system is no
longer in a bad state.  I can buy that.

While pondering this, I hit on a slightly different idea.  Right now,
the init scripts save the seed at boot up regardless of amount of
entropy gathered.  This is in case of unclean shutdown.

Why not trigger a KOBJ_UEVENT_CHANGE when the entropy crosses a given
threshold?  Userspace can save to random-seed then.

With that in place, we wouldn't have to rely on clean shutdowns nearly
as much.  We also wouldn't be guessing (as in my original proposal)
about when to grab a new seed.

One could even argue about only collecting the seed at bootup if there
was a previous seed read in.  In that scenario, the existence of the
seed implies it was collected when entropy level >$threshold.

thx,

Jason.
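The userspace side of the mechanism proposed in this message, written as an added example that is not part of the original post or of any kernel or distribution code. The kernel-side uevent is only a proposal, so this script assumes it is invoked from whatever fires on that event (or from a poll loop) and does the rest itself: it checks that `entropy_avail` exceeds the threshold (the >128 figure from the thread), then writes a fresh seed file with mode 0600, replacing it atomically so an unclean shutdown mid-write leaves the old seed intact. `SEED_FILE`, `THRESHOLD`, the seed size and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: a userspace handler that saves random-seed only once the
# kernel pool has crossed an entropy threshold. Paths, threshold and names
# are assumptions, not values from the thread or from any init system.

SEED_FILE="${SEED_FILE:-./random-seed}"   # assumed location (distros use /var/lib/... paths)
THRESHOLD="${THRESHOLD:-128}"            # bits; the >128 figure discussed in the thread
SEED_BYTES=512                           # assumed seed size, as common init scripts write

# Decide whether the pool is worth snapshotting: entropy_avail must exceed
# the threshold. Returns 0 (save) or 1 (do not save).
should_save_seed() {
    entropy_avail=$1
    threshold=$2
    [ "$entropy_avail" -gt "$threshold" ]
}

# Current pool estimate from the kernel (Linux), or an override from $1 so the
# decision logic can be exercised without reading /proc.
current_entropy() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
    else
        cat /proc/sys/kernel/random/entropy_avail
    fi
}

# Write SEED_BYTES from /dev/urandom to the seed file. The temporary file is
# created with mode 0600 and renamed over the old seed, so a crash mid-write
# never leaves a truncated or world-readable seed behind.
save_seed() {
    file=$1
    tmp="$file.tmp.$$"
    (
        umask 077
        dd if=/dev/urandom of="$tmp" bs=$SEED_BYTES count=1 2>/dev/null || exit 1
        chmod 600 "$tmp"
        mv -f "$tmp" "$file"
    ) || { rm -f "$tmp"; return 1; }
}

# Entry point: save only when the pool is above the threshold.
# Usage: main [entropy_override]; returns 1 when nothing was saved.
main() {
    avail=$(current_entropy "$1")
    if should_save_seed "$avail" "$THRESHOLD"; then
        save_seed "$SEED_FILE" && echo "seed saved (entropy_avail=$avail)"
    else
        echo "pool below threshold (entropy_avail=$avail), seed not saved"
        return 1
    fi
}
```

Source the file and call `main` from the event handler; with no argument it reads `/proc/sys/kernel/random/entropy_avail`, with one it uses the given value. The atomic rename is the part worth keeping even if the trigger changes: an interrupted save must never replace a good seed with a partial one.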

