GNU bug report logs - #23605
/dev/urandom not seeded across reboots

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 23 May 2016 17:59:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#23605: closed (Re: bug#23605: /dev/urandom not seeded across
 reboots)
Date: Sun, 29 May 2016 00:05:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#23605: /dev/urandom not seeded across reboots

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 23605 <at> debbugs.gnu.org.

-- 
23605: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=23605
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: 23605-done <at> debbugs.gnu.org
Subject: Re: bug#23605: /dev/urandom not seeded across reboots
Date: Sat, 28 May 2016 20:04:31 -0400

On Sat, May 28, 2016 at 08:00:58PM -0400, Leo Famulari wrote:
> On Sat, May 28, 2016 at 10:53:08PM +0200, Ludovic Courtès wrote:
> > 
> > OK with these changes.
> 
> Done as a535e12226!


[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: /dev/urandom not seeded across reboots
Date: Mon, 23 May 2016 13:58:32 -0400

[Message part 4 (text/plain, inline)]
I realized that we don't seem to be saving any of the entropy in the
kernel's random pool [0] across reboots.

This means that for some period after boot, /dev/urandom may not be safe
to use. From random(4):

---
If  a seed file is saved across reboots as recommended below (all major
Linux distributions have done this since 2000 at least),
[/dev/urandom's] output is cryptographically  secure against  attackers
without  local  root access as soon as it is reloaded in the boot
sequence, and perfectly adequate for network encryption session  keys.
---

I interpret that text to mean that, without use of a seed file,
urandom's output is *not* adequate for network encryption session keys
(SSH, TLS, etc) until enough entropy has been gathered. I don't know how
long that takes.

I've attached my not-yet-working attempt at a urandom-seed-service. I
tried to get it working on my own but I need the assistance of some more
experienced Guix hackers :)

I've also attached a stand-alone Guile script to illustrate what the
effect of the service should be. This script does seem to work. I'm sure
the use of shell tools could be replaced by Guile.

After applying my patch and attempting `guix system vm ...`, I get the
attached backtrace.

Does anyone have advice about the service? Am I wrong that we need to
seed /dev/urandom to make it work properly?

[0] See the man page for random(4).

[random.scm (text/plain, attachment)]
[urandom-seed.patch (text/x-diff, attachment)]
[backtrace (text/plain, attachment)]
This bug report was last modified 9 years and 53 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.