[talk] [nycbug-talk] FreeBSD abandoning hardware randomness

Jesse Callaway bonsaime at gmail.com
Mon Nov 3 11:35:44 EST 2014


It would be fun to make some amateur scatterplots.

I guess it buffers the output a bit somewhere since it has to "go back to
the source" after too much is read. If that's the case, I wonder if you can
go in and read ahead in the buffer while leaving it unconsumed? If this is
an attack vector then maybe wasting some randomness is a good thing. I'm
just thinking out loud. But the plots would be fun and something I can
comprehend.

Also fun would be to direct RF at it and then repeat the plots.

On Mon, Nov 3, 2014 at 12:58 AM, Brian Callahan <bcallah at devio.us> wrote:

>
> On 11/02/14 23:37, Isaac (.ike) Levy wrote:
>
>> On Sun, 02 Nov 2014 23:12:00 -0500
>> Brian Callahan <bcallah at devio.us> wrote:
>>
>>  On 11/02/14 21:13, Isaac (.ike) Levy wrote:
>>>
>>>> On Sun, 2 Nov 2014 20:34:34 -0500
>>>>
>>>>  TrueRNG – Hardware Random Number Generator USB
>>>>> http://ubld.it/products/truerng-hardware-random-number-generator/
>>>>>
>>>>> I'm excited to see this, what do people think?  $47 feels a bit
>>>>> high though...
>>>>>
>>>>> Rocket-
>>>>> .ike
>>>>>
>>>> And, as I continued looking for info online, came across another:
>>>>
>>>> "OneRNG" - totally open spec,
>>>> http://moonbaseotago.com/onerng/
>>>>
>>>>  Hmm... a couple things come to mind:
>>> First, TrueRNG seems to be a black box. So that's pretty much a
>>> non-starter.
>>>
>> Hrm.  I think I agree with you there- since the point is to do better
>> with this problem than software, (a lot better), it could be argued to
>> be a particularly un-kosher place for blackbox hardware.
>>
>>  Looks like OneRNG is only for Linux (atm); it requires udev to talk
>>> to the kernel... someone would need to write the necessary software.
>>>
>> Interesting...
>>
>>  But I'm not sure the problem these devices are trying to solve are
>>> problems for the BSDs, at least OpenBSD.
>>>
>> ;) I can see where that line of reasoning goes.
>>
>> Yet, I'd say we can *always* use better HW entropy sources,
>> (particularly ones which are cheap and replacable if they are
>> compromised- like these USB sticks).
>>
>> Where can my headless, microphone-less head-less servers get their
>> entropy?  What if I even disabled entropy seeding/harvesting in the NIC
>> because it doesn't really do any good with my app/use?
>>
>> If you know a good way out of these issues without hardware interfaces
>> to the "real and random" world, I'm all ears!
>>
>>
> Yes ok, but I know you're also not the type of person who will plug it in
> and believe that you're all good. And I think that really matters. If you
> really had a machine that had no way to gather entropy (I'm slightly
> sceptical that such a machine really exists, but let's say it does) then
> sure, one of these things would be a cheap, throw away if compromised, way
> to accomplish what you need. But again, I don't think you'd be the type to
> just plug it in and assume all is well.
>
> I always imagine these things being used on $random_laptop by $random_user
> and marketed for that purpose. And in that case there is concern over the
> "plug it in and I'm good" mentality. People not knowing how to recognize a
> compromised stick (or worse, not knowing that they can be compromised).
>
> I still think for your everyday laptop not having one of these keys is the
> way to go (perhaps though one should use an OS that does the random thing
> well ;-) ).
>
> Anyhow, these things aren't a solution to anything without proper software.
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>



-- 
-jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20141103/d4248be3/attachment.htm>


More information about the talk mailing list