'Re: [qubes-devel] Shared data between AppVMs: random seed'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Shared data between AppVMs: random seed
From:       HW42 <hw42 () ipsumj ! de>
Date:       2016-02-16 2:02:01
Message-ID: 56C28319.5090002 () ipsumj ! de
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Patrick Schleizer:
> There are various issues wrt to the security of randomness / entropy in
> Linux distributions generally. (therefore also in Qubes). More so in VMs
> and read-only media. I am unable to express most of them for now. Please
> read the following:
> https://www.av8n.com/computer/htm/secure-random.htm

This contains some intresesting thoughts on seeding (I think the
vmlinux/initramfs seeding is an interesting approach for non Qubes
systems), but it lacks a description of the current state of the Linux
RNG.

> ***
> 
> https://github.com/QubesOS/qubes-core-agent-linux/blob/master/vm-systemd/qubes-random-seed.sh
>  
> > qubesdb-read /qubes-random-seed | base64 -d > /dev/urandom
> 
> Would it make sense to add below...
> 
> qubesdb-read /qubes-random-seed | base64 -d > /dev/random
> 
> ?

No. There is no difference between writing to random/urandom see [0], [1].

> ***
> 
> Related...
> persist random seed files [entropy] in TemplateBasedVMs
> https://github.com/QubesOS/qubes-issues/issues/1752

I think since we seed from dom0 we can ignore the non-persistence of
those seeds.


There are two things which I don't consider important but might be worth
to think about regarding the current solution.

1) Try harder to seed early.

Currently there are a few things which get executed before the seeding
through dom0. I think this is ok since the RNG is mostly important for
the applications run by the user which get started much later. But with
some tricks this could be done much earlier.


2) Clear the entropy estimate at DispVM start.

We reseed the RNG during the DispVM start, but as discussed earlier we
could also reset the entropy estimate. See [2], [3].


[0]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c?h=v4.4#n1584
 [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c?h=v4.4#n1512
 [2]: https://groups.google.com/d/msgid/qubes-devel/55E253E3.8020704%40ipsumj.de
[3]: https://groups.google.com/d/msgid/qubes-devel/55E25227.3060709%40ipsumj.de
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWwoMXAAoJEOSsySeKZGgWww0P/i88iJiaL403p9MukSwwdMaT
kFUdHkXS6ArLc4dWMi2BrPw9/rlbvH+EAH7qeSR2QLMczxinb+v/xV5SuXDZWM5b
7ZSYYjcdJdQHLCK9i25fLSYFc2VhFPuqXhuEhbNKTd2vm6cPfkwlVEPlhleaouCJ
wnZ9MFHZ07pgLMrTUT7HCRbQw3Q4liwa8JukfwED2DQYHAWVlU2Wjf4RoYvCy9nl
ugdUUYEXEVBbDfUL3c7gJHd1wzLEkBPDkFmYT19uh1JklTiblcs1H4Pz0xOgI106
sOrVKKC0QaA42qXfZbtQnE6D4NnrNpP9UBfENsAbRzqBGlWSwdJQSnZu3lOxFwiC
fWjI3pANZTSXLgyPeT5p9vwYs4A4Bh0x8RVK1WKFZ8u8Mp0PmZJck49oJmIZ7EVz
+LeaKlwD7mc7xSUYSi1rH6W3RdDi8cRXkMGFs4K506+bJENMO1BJ4SnAxZtLruZb
pUPsWxnvcxcPXjtpxBUYsdvdm3pZrgUN+kaigQ8r+PyzobW/N1UIIL+L/O5w4kSY
we+wai9M/77zJ5EIO92prGQD3huDnHzZaYG66nmmLAxKQ9ouvwGj7I6E1YH3NAqq
WeHzaRTQwLOUw++ZX1B11b2QcEdMLFILTOyDI+gp6emLm3GuZAW4dAf3cJzDUNuk
NP8QcjKVHRxVBkF/rNWg
=+CBA
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/56C28319.5090002%40ipsumj.de. For more \
options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic