On Wed, 24 Apr 2019 at 11:30, Björn Persson <Bjorn@rombobjörn.se> wrote:
Lennart Poettering wrote:
>As mentioned before: systemd itself already needs entropy itself (it
>assigns a random 128bit id to each service invocation, dubbed the
>"invocation ID" of it, and it generates the machine ID and seeds its
>hash table hash functions)

Given that access to entropy during early boot is so problematic,
hardware-dependent and full of catch-22s, it seems to me that an init
system should use the entropy pool only if it really must.

With that in mind, could you explain why the invocation ID and the hash
tables need to be cryptographically secure? Why is rand or a simple
serial number not good enough? I never heard that lack of a
cryptographically secure invocation ID was a big security problem
before SystemD.

I expect they have to be because someone pointed out some security hack that can be done without it and no one ever noticed it before (or had a way to fix it before so we just knocked it as a 'well cant fix it so never mind'). Over the years in this business I have seen a lot of issues in the past with that mantra... they only usually get re-earthed when someone gets a nit because a new tool doesn't have it.

Björn Persson
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Stephen J Smoogen.