|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] randomness security issue?
On 21 February 2016 at 00:56, Patrick Schleizer <patrick-mailinglists@xxxxxxxxxx> wrote: > Thomas Leonard: >> On 20 February 2016 at 18:01, Patrick Schleizer >> <patrick-mailinglists@xxxxxxxxxx> wrote: >>> Under https://www.av8n.com/computer/htm/secure-random.htm#sec-discuss he >>> explains, that the kernel requires randomness even before init / upstart >>> / systemd has been started. >> >> Hi Patrick, >> >> I'm not sure what connection this has to Mirage. We don't have >> upstart, systemd or an init process. > > xentropyd might still jump in too late in a similar way? What does it mean to "require randomness even before init" on a system that doesn't have an "init"? It does seem, however, that entropy gets initialised in a very strange (and possibly error-prone) way in mirage and perhaps we should change that. e.g. let tls_conduit_connector1 = lazy ( let __nocrypto1 = Lazy.force nocrypto1 in __nocrypto1 >>= function | `Error _e -> fail (Failure "nocrypto1") | `Ok _nocrypto1 -> return (`Ok Conduit_mirage.with_tls) ) If `with_tls` took an entropy argument here we could statically ensure that it really is initialised first. However, I think there was some disagreement about this in the past, and maybe there's a reason for the current system. -- Dr Thomas Leonard http://roscidus.com/blog/ GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |