[Opendnssec-user] ods-signerd calling vmstat?!?

Rickard Bellgrim rickard at opendnssec.org
Mon Sep 2 12:19:00 UTC 2013


>
> When polling for entropy, the PRNG will start with the first entropy
> source added and then go through the list. The last entropy source,
> Unix_EntropySource, will include the list of commands as mentioned earlier
> in this email thread. The “ls -alni /tmp” has priority 4 out of 5. This
> makes it one of the last commands in the last entropy source.
>
>
Each byte gathered by the Unix_EntropySource is counted as 0.005 bits
toward the 128 bit polling goal. We can count the number of bytes returned
from each command in priority 1 to priority 3. My system did not have all
commands, but this was the number of bytes I polled using the commands.

netstat -in | wc -c
269
vmstat -s | wc -c
764
vmstat | wc -c
234
arp -a -n | wc -c
112
ifconfig -a | wc -c
922
ipcs -a | wc -c
1591
netstat -an | wc -c
39167
netstat -s | wc -c
2267
uname -a | wc -c
104
uptime | wc -c
71
ps -A | wc -c
6246

Total number of bytes: 51747. Multiply this by 0.005 and we get 258.735
bits of entropy according to Botan. This is more than the goal of 128 bits.

So even if we ignore all of the entropy sources other than
Unix_EntropySource, we would still most likely return before even calling
the command "ls -alni /tmp".

I believe we have the following discussion points:
1. (Original topic) vmstat causes kernel messages. What modifications do we
want to make to Botan?
2. "ls -alni /tmp" is used as a last resort entropy source. It is not good
to poll entropy from a directory that users can control. Botan will most
likely not use this source. Should Botan remove this command? Even if it is
not directly used in the cryptographic operations (the seed is passed
through two RNGs)?
3. Should SoftHSM add checks verifying that the RNG is seeded with good
sources (the build flags from botan/build.h)?

// Rickard
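The accounting described in the message above (a fixed credit of 0.005 bits per byte of command output, commands polled in priority order, polling stops once the 128 bit goal is reached) can be modelled to see which commands actually get run. The following is an added example, not Botan's or SoftHSM's code: it reuses the byte counts the author measured, but the per-command priority numbers and the ordering within a priority are assumptions (the thread only says the measured commands sit in priority 1 to 3 and "ls -alni /tmp" in priority 4), and the output size of "ls -alni /tmp" is a constructed placeholder because it is never reached.

```python
from dataclasses import dataclass

# Values stated in the thread: Botan credits 0.005 bits per byte of
# Unix_EntropySource output and polls until it has estimated 128 bits.
BITS_PER_BYTE = 0.005
POLL_GOAL_BITS = 128


@dataclass(frozen=True)
class Command:
    argv: str
    priority: int      # lower runs first; exact numbers below are assumed
    output_bytes: int  # bytes the command wrote on the author's system


# Byte counts are the ones measured in the thread. Priorities 1..3 for the
# measured commands are an assumption; "ls -alni /tmp" is priority 4 per the
# thread, with a constructed size of 0 since it is never polled in this run.
COMMANDS = [
    Command("netstat -in", 1, 269),
    Command("vmstat -s", 1, 764),
    Command("vmstat", 1, 234),
    Command("arp -a -n", 2, 112),
    Command("ifconfig -a", 2, 922),
    Command("ipcs -a", 2, 1591),
    Command("netstat -an", 3, 39167),
    Command("netstat -s", 3, 2267),
    Command("uname -a", 3, 104),
    Command("uptime", 3, 71),
    Command("ps -A", 3, 6246),
    Command("ls -alni /tmp", 4, 0),
]


def poll(commands, goal=POLL_GOAL_BITS, credit=BITS_PER_BYTE):
    """Simulate the polling loop: visit commands in priority order (stable,
    so listed order is kept within a priority), stop before running the next
    command once the estimate reaches the goal. Returns (estimated_bits,
    [commands that were actually run])."""
    estimate = 0.0
    ran = []
    for cmd in sorted(commands, key=lambda c: c.priority):
        if estimate >= goal:
            break
        ran.append(cmd.argv)
        estimate += cmd.output_bytes * credit
    return estimate, ran


def total_credit(commands, credit=BITS_PER_BYTE):
    """Credit Botan would assign if every command were run (the 258.735
    figure from the thread for the eleven measured commands)."""
    return sum(c.output_bytes for c in commands) * credit


if __name__ == "__main__":
    bits, ran = poll(COMMANDS)
    print(f"stopped after {len(ran)} commands with {bits:.3f} estimated bits")
    print("ls -alni /tmp polled:", "ls -alni /tmp" in ran)
```

Run as-is, the loop stops after "netstat -an" (the large output of that one command alone pushes the estimate past the goal), so the user-controllable /tmp listing is never consulted on a system like the author's. The interesting knob for discussion point 3 is `credit`: the same model with a much smaller per-byte credit shows how quickly the lower-priority commands, including "ls -alni /tmp", come back into play.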

