ntpkeygen patch

Gary E. Miller gem at rellim.com
Sat Jan 7 00:47:52 UTC 2017 

Yo Greg!

On Sat, 07 Jan 2017 00:30:46 +0000
Greg Rubin <grrubin at gmail.com> wrote:

> > I'll repeat that I added a warning to the ntpkeygen man page about
> > not running the program in a script, or near startup, and to ensure
> > that your host has sufficient entropy before running it.
> >  
> 
> This sounds like an excellent caution to give users. Any long-lived
> system (especially non-virt) or with a modern processor (due to
> RDRAND) should have more than sufficient entropy.

Unless you believe, as many do, that RDRAND is backdoored.  

FeeBSD refuses to use RDRAND:

http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say/

OTOH, The Exalted Head Penguin prefers to jsut add it into a bigger mix:

http://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/


> > This really is the consensus. We simply have to trust /dev/urandom
> (or  
> equivalent on other systems) and there really isn't a good way to
> improve its entropy (not without lots of extra work which is as
> likely to lower our security as improve it.) Hence the "pull the
> random data out and trust it" strategy.

Sure there are, but they involve hardware, or are very OS specific.  So
out of scope for NTPsec.

http://onerng.info/
http://ubld.it/products/truerng-hardware-random-number-generator/

Some people grab entropy from local cameras:

https://medium.com/the-physics-arxiv-blog/quantum-random-number-generator-created-using-a-smartphone-camera-602f88552b64#.q5piuiovg


> > Can we tell how much entropy is available? 

> This measure is a rough estimate at best. Once again, we generally
> need to simply trust the system to do the right thing.

Yup.

> FreeBSD does
> the correct thing with blocking early on.

And available to us in recent Python, but NTPsec is stuck supporting 2.6.

> > Can we add entropy to the pool?
> On systems with /dev/urandom, you can write data to it and it will
> be  mixed into the entropy pool. Other systems may have other ways of
> accomplishing this.

Which misses the point, how do get the entopy to add to the pool?

> > Can we postprocess the urandom entropy to get more entropy?
> There are post-processing steps which can be taken which will reduce
> the risks associated with certain problems.

Security by obscurity.  Not a good idea.  Only adding entropy helps.

> Don't we all. This is why I keep physical dice by my desk. There are
> times when that is the only answer.

I'll stick to the magic 8 ball.  And tape over my cameras.  :-)

RGDS                                                 Veritas liberabit vos
GARY                                                     Quid est veritas?
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com  Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170106/2a0ce66b/attachment.bin>

More information about the devel mailing list