[OpenWrt-Devel] [PATCH 0/4] add μrngd: true RNG based on timing jitter

Sun Jun 2 09:50:37 EDT 2019

On 28.05.2019 12:37, Petr Štetiar wrote:
> Rosen Penev <rosenp at gmail.com> [2019-05-27 19:19:53]:
>
> Hi,
>
>> Tested this on both mt7621 and Turris Omnia. Works pretty well. Init
>> gets done fast.
> thanks a lot for testing, can you please reply with your Tested-by next time
> so the patchwork could add this tag automatically to this patch?
>
>> The Turris people might want something like this or they need to fix haveged
>> to run earlier.
> I've been recommended haveged many times (by someone from nic.cz as well), so
> my initial idea was to simply give it a go and create uhaveged, but I quickly
> came to the conclusion, that it won't work for OpenWrt for many reasons, which
> I've already forget, but I think it wasn't truly multiplatform solution due to
> some compiler/assembly magic.
>
> Then I've simply found out, that haveged is no longer considered good
> enough[1] by the security community:
>
>   Also the use of `haveged` is recommended, which is a bad idea as this daemon
>   can create blocking situations during key generation effectively creating a
>   deadlock and thus security problems. haveged's design is from 2002, it has
>   never been audited, there're only papers by the original authors available.
>
> Even Andre Seznec, one of the main HAVEGE authors stated following[2]:
>
>   He also pointed out a security warning: with some VMs, the hardware cycles
>   counter is emulated and deterministic, and thus predictible[3]. He therefore
>   does not recommend using HAVEGE on those systems.
>
> so I started looking at other options and luckily enough, I've found out about
> this KISS jitter RNG.
>
> 1. https://lists.cert.at/pipermail/ach/2017-May/002251.html
> 2. https://github.com/BetterCrypto/Applied-Crypto-Hardening/commit/cf7cef7a870c1b77089b1bd6209ded6525b5a4e0#commitcomment-23006392
> 3. https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02
>
> -- ynezz
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

works good on Atom 330

first boot

dmesg | grep random

before

[   29.043097] random: fast init done
[   76.467115] random: crng init done

after

[    0.000000] random: get_random_bytes called from 
start_kernel+0x6d/0x3df with crng_init=0

[    5.899674] random: jshn: uninitialized urandom read (4 bytes read)
[    5.933012] random: jshn: uninitialized urandom read (4 bytes read)
[    5.957578] random: jshn: uninitialized urandom read (4 bytes read)
[    6.969902] urandom_read: 4 callbacks suppressed
[    6.969907] random: jshn: uninitialized urandom read (4 bytes read)
[   10.043998] random: jshn: uninitialized urandom read (4 bytes read)
[   10.550301] random: mkfs.f2fs: uninitialized urandom read (16 bytes read)
[   11.420925] urandom-seed: Seed file not found (/etc/urandom.seed)
[   13.321222] random: crng init done

Regards

Tested-by Lucian Cristian <lucian.cristian at gmail.com>


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel