Fixing getrandom()

Posted Sep 27, 2019 17:55 UTC (Fri) by patrakov (subscriber, #97174)
In reply to: Fixing getrandom() by jcm
Parent article: Fixing getrandom()

This is what I would call "shifting the responsibility" and reject on this basis. Exactly the same logic as described in the article for getrandom() also applies to the UEFI random number protocol: where does it get the seed? If it is fake, then it is a very roundabout way to return fake entropy. If it consults some hardware, then the kernel can do the same.

Fixing getrandom()

Posted Sep 27, 2019 18:37 UTC (Fri) by jem (subscriber, #24231) [Link] (3 responses)

A new seed is written before the computer is rebooted. This way the accumulated entropy is not flushed at restart.

Fixing getrandom()

Posted Sep 27, 2019 19:05 UTC (Fri) by walters (subscriber, #7396) [Link] (2 responses)

Yeah though, actually *crediting* it is a different step: https://github.com/systemd/systemd/issues/4271 (and crediting is highly relevant to this discussion)

Fixing getrandom()

Posted Sep 29, 2019 20:05 UTC (Sun) by NYKevin (subscriber, #129325) [Link] (1 responses)

I recommend clicking through to that bug report. This is more complicated than I had imagined, because in cases where people take images of live systems, you really shouldn't credit any "stored" entropy at all (because it's been duplicated umpteen times into other instances of the same image, so it's no longer unpredictable). But you can't know that someone imaged the system, so how do you square that circle?

Fixing getrandom()

Posted Sep 29, 2019 20:27 UTC (Sun) by patrakov (subscriber, #97174) [Link]

This is exactly why I say "don't". Too many bugs stem from our desire do achieve the impossible instead of giving up immediately.

OTOH, jitter entropy will definitely help here, up to the point of making it completely unneeded to save entropy between reboots.