
Re: [MirageOS-devel] randomness security issue?

On 21 February 2016 at 00:56, Patrick Schleizer
<patrick-mailinglists@xxxxxxxxxx> wrote:
> Thomas Leonard:
>> On 20 February 2016 at 18:01, Patrick Schleizer
>> <patrick-mailinglists@xxxxxxxxxx> wrote:
>>> Under https://www.av8n.com/computer/htm/secure-random.htm#sec-discuss he
>>> explains that the kernel requires randomness even before init / upstart
>>> / systemd has been started.
>> Hi Patrick,
>> I'm not sure what connection this has to Mirage. We don't have
>> upstart, systemd or an init process.
> xentropyd might still jump in too late in a similar way?

What does it mean to "require randomness even before init" on a system
that doesn't have an "init"?

It does seem, however, that entropy gets initialised in a very strange
(and possibly error-prone) way in mirage and perhaps we should change
that. e.g.

let tls_conduit_connector1 = lazy (
  let __nocrypto1 = Lazy.force nocrypto1 in
  __nocrypto1 >>= function
  | `Error _e -> fail (Failure "nocrypto1")
  | `Ok _nocrypto1 ->
  return (`Ok Conduit_mirage.with_tls)
  )

If `with_tls` took an entropy argument here we could statically ensure
that it really is initialised first. However, I think there was some
disagreement about this in the past, and maybe there's a reason for
the current system.

Dr Thomas Leonard        http://roscidus.com/blog/
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA
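
The static guarantee suggested in the message above, sketched as an added example (not code from Mirage, nocrypto or the message's author): the connector demands a value of an abstract type that only a successful entropy initialisation can produce. The modules `Entropy` and `Tls_connector`, their functions, and the seed string are hypothetical, and the generator is a toy stand-in for a real CSPRNG.

```ocaml
(* Added illustration. All names here are hypothetical, not the Mirage,
   conduit or nocrypto API. *)

module Entropy : sig
  type t  (* abstract: holding a [t] proves that [initialise] succeeded *)
  val initialise : seed:string -> (t, string) result
  val random_bytes : t -> int -> string
end = struct
  type t = { mutable state : int }

  let initialise ~seed =
    if String.length seed < 16 then Error "seed too short"
    else Ok { state = Hashtbl.hash seed }

  (* Toy generator, NOT cryptographically secure: it only stands in for
     the real CSPRNG so that the example is self-contained. *)
  let random_bytes t n =
    String.init n (fun _ ->
      t.state <- (t.state * 1103515245 + 12345) land 0x3fffffff;
      Char.chr ((t.state lsr 16) land 0xff))
end

module Tls_connector : sig
  type t
  val with_tls : Entropy.t -> t   (* the entropy argument is mandatory *)
  val client_random : t -> string
end = struct
  type t = Entropy.t
  let with_tls entropy = entropy
  let client_random entropy = Entropy.random_bytes entropy 32
end

let () =
  (* Constructed sample seed; a unikernel would take it from its entropy source. *)
  match Entropy.initialise ~seed:"constructed-sample-seed-0123456789" with
  | Error msg -> prerr_endline ("entropy init failed: " ^ msg)
  | Ok entropy ->
    let conn = Tls_connector.with_tls entropy in
    Printf.printf "client random: %d bytes\n"
      (String.length (Tls_connector.client_random conn))

(* [Tls_connector.with_tls ()] is rejected by the type checker, and no
   [Entropy.t] can be built outside [Entropy.initialise], so the ordering
   bug becomes a compile-time error instead of a runtime failure. *)
```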
