On Wed, 24 Apr 2019 at 11:30, Björn Persson <Bjorn(a)xn--rombobjrn-67a.se> wrote:
> Lennart Poettering wrote:
>> As mentioned before: systemd itself already needs entropy itself (it
>> assigns a random 128bit id to each service invocation, dubbed the
>> "invocation ID" of it, and it generates the machine ID and seeds its
>> hash table hash functions)
>
> Given that access to entropy during early boot is so problematic,
> hardware-dependent and full of catch-22s, it seems to me that an init
> system should use the entropy pool only if it really must.
>
> With that in mind, could you explain why the invocation ID and the hash
> tables need to be cryptographically secure? Why is rand or a simple
> serial number not good enough? I never heard that lack of a
> cryptographically secure invocation ID was a big security problem.
I expect they have to be because someone pointed out some security hack
that can be done without it and no one ever noticed it before (or had a way
to fix it before, so we just knocked it as a "well, can't fix it, so never
mind"). Over the years in this business I have seen a lot of issues in the
past with that mantra... they usually only get re-unearthed when someone gets
a nit because a new tool doesn't have it.
Stephen J Smoogen.