disable mirage-entropy on xen for now (better safe than sorry) #6
hannesm wants to merge 1 commit into mirage:master from hannesm:disable-xen
|
I'd prefer to keep it working with the warning, as I am working on getting the end-to-end TLS stack in shape in mirage/mirage#247. Instead of disabling it, how about an attempt to use |
|
See #7 and mirage/mirage#323 for a short-term workaround. |
|
In many ways, #7 might be even worse. It makes every sequence of "highly unpredictable" behaviors of a unikernel exactly the same on every boot. With randomness completely dependent on time of the day when the kernel was booted (well, when With randomness that is identical on every run, the mere fact that a kernel rebooted is sufficient. There is a wealth of cryptographic operations with horrible failure modes in this scenario. For a simple example, DSA signing is often done with a random parameter provided to the signing process. If an adversary can observe two signatures generated with the same random parameter, they can easily recover the secret key. With fixed "entropy", the only real entropy in this process is ordering of requests to the unikernel. To fully compromise the long-term secret, it is enough to succeed twice in being the first one after boot to request a signature. Note that From a security standpoint, this is barely stronger than having the sequence @hannesm and I were already suggested this scheme during the summer and we both disliked the idea. |
|
Agreed. I am closing #7. |
|
just to be on the same page @pqwy: Random.self_init https://github.com/ocaml/ocaml/blob/638a953bcf61678307fa5d0e1a969aaaf3f1ab20/byterun/sys.c#L364 tries to open /dev/urandom (doesn't exist on mirage), calls gettimeofday / time / getpid / getppid |
|
now that we have xentropyd, closing this... |
OCaml's random is a LFSR, seeded with the current time. This is very predictable, especially since services might expose uptime information. I'm very much in favor of being better safe than sorry, and enabling mirage-entropy only after we have it in a decent state on Xen. @pqwy shares this opinion I believe. @avsm are you ok with merging?
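
The DSA failure mode raised in the discussion above, as an added example (not part of the thread and not mirage-entropy code): when every boot seeds the PRNG identically, the first signature after each boot reuses the same nonce and so carries the same `r`, which an audit over logged signatures can flag. Python's `random.Random` stands in for the unikernel's PRNG, and the group parameters, seed sources and all function names are constructed for illustration.

```python
import hashlib
import random
import secrets
from collections import defaultdict
from itertools import count

# Constructed demo group, far too small for real use: Q = 2^61-1 (prime), P is the
# first probable prime 2*j*Q+1 (Fermat test, bases 2 and 3), G has order Q mod P.
Q = 2**61 - 1
P = next(p for p in (2 * j * Q + 1 for j in count(1))
         if pow(2, p - 1, p) == 1 and pow(3, p - 1, p) == 1)
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in count(2)) if g != 1)

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q  # simplified truncation

def boot_and_sign(x, msg, seed):
    """One boot: seed the PRNG, then sign msg with the first usable nonce it yields."""
    rng = random.Random(seed)  # stand-in for the unikernel's PRNG (assumption)
    while True:
        k = rng.randrange(1, Q)
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
        if r and s:
            return r, s

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def fixed_seed():   # the fixed-"entropy" case: same seed on every boot
    return 0

def os_seed():      # per-boot seed from the platform entropy source
    return secrets.randbits(128)

def first_requests(x, msgs, seed_source):
    """Log of (msg, signature) where each msg is the first request after a fresh boot."""
    return [(m, boot_and_sign(x, m, seed_source())) for m in msgs]

def repeated_nonces(log):
    """Audit: map each r seen on more than one distinct message to those messages."""
    seen = defaultdict(set)
    for msg, (r, _s) in log:
        seen[r].add(msg)
    return {r: sorted(ms) for r, ms in seen.items() if len(ms) > 1}
```

Running `repeated_nonces` over a signature log for one key returns a non-empty map exactly when some `r` was used for more than one message, which is the condition the comment above describes as fatal for the long-term key.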