havege in polarssl not enabled and maintainer refuses to enable it (#1069394)

Nikos Mavrogiannopoulos nmav at redhat.com
Wed Oct 1 13:12:58 UTC 2014


On Wed, 2014-10-01 at 08:33 -0400, Matthew Miller wrote:
> On Wed, Oct 01, 2014 at 08:52:03AM +0300, Jonathan Dieter wrote:
> > The havege functions in the polarssl package are currently disabled
> > in the Fedora package.  Newer releases of dolphin-emu, which are in
> > a popular external repository, require these functions.
> > 
> > According to https://bugzilla.redhat.com/show_bug.cgi?id=1069394#c1,
> > the HAVEGE feature is disabled because it's "controversial" and
> > "would lead to security problems", but the maintainer hasn't given
> > any more explanation than that in the bug report.
> > 
> > Is there any way we can get a second opinion on this?  The external
> Yes there is. Since the objection is potentially security related, it would
> be good to get the input of the Fedora Security Team (probably on the
> security@ mailing list). Second, having had that conversation, if it still
> goes nowhere, file a ticket with FESCo.

Hello,
 Havege is an entropy gathering technique combined with a PRNG. I cannot
really comment on the algorithm, but there is no significant analysis
of the technique, and it has not been published in a journal
specialized in crypto or PRNGs. In any case, my opinion is not based on
an analysis of the underlying algorithm, but rather on an idea of how
the Fedora system's security features should be used.

haveged and other daemons that feed entropy to the kernel are useful, but a
user space process in Fedora should not need an entropy gatherer. The
system provides two, and they are called /dev/urandom and /dev/random. By
using these two we can always know that processes are sufficiently
seeded. The only way to enforce that rule is by not allowing entropy
gathering APIs in the system. So I'm on the "keep this API disabled" side,
even though it's for a different reason.

Is there a reason the processes that depend on the havege API to obtain
entropy cannot use the system provided devices? My guess is that the
processes simply need a PRNG. In that case doesn't the polarssl API
offer a reasonable PRNG that is seeded from the system's devices?

regards,
Nikos
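The alternative Nikos points at, taking the seed from the system device instead of from an in-process entropy gatherer, as an added example that is not part of this thread and not polarssl's own code: a seed fetch that reads /dev/urandom with the checks a C program wants (refuse anything that is not a character device, cope with short reads and EINTR, report how many bytes were actually produced) plus a small start-up self-test. The callback signature, int f(void *data, unsigned char *output, size_t len, size_t *olen), is my recollection of polarssl 1.3's entropy-source callback type, so it could be handed to entropy_add_source(); treat that, and my recollection that polarssl's default platform poll already reads /dev/urandom on Linux, as assumptions to check against the installed headers.

```c
/* Added example for this page, not polarssl's code: seed from the
 * system device (/dev/urandom) rather than an in-process gatherer.
 * Callback shape assumed to match polarssl 1.3's f_source_ptr. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reads exactly len bytes from /dev/urandom, tolerating short reads and
 * EINTR.  Returns 0 on success, -1 on any failure; *olen always holds
 * the number of bytes actually written to output. */
int urandom_seed(void *data, unsigned char *output, size_t len, size_t *olen)
{
    struct stat st;
    int fd, flags = O_RDONLY;
    size_t got = 0;
    (void)data;
    *olen = 0;

#ifdef O_CLOEXEC
    flags |= O_CLOEXEC;          /* don't leak the fd across exec() */
#endif
    fd = open("/dev/urandom", flags);
    if (fd < 0)
        return -1;

    /* A regular file planted at that path (minimal chroot, container
     * image) would hand out a deterministic "seed": refuse it. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }

    while (got < len) {
        ssize_t n = read(fd, output + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;        /* interrupted by a signal: retry */
            break;               /* real error: give up with partial count */
        }
        if (n == 0)
            break;               /* EOF from a character device: failure */
        got += (size_t)n;
    }
    close(fd);
    *olen = got;
    return got == len ? 0 : -1;
}

/* Start-up self-test: two fetches must both succeed in full, must not be
 * all zero, and must differ from each other.  Returns 1 on pass, 0 on
 * fail.  len must be at least 16 so a collision is not plausible. */
int seed_self_test(size_t len)
{
    unsigned char a[256], b[256];
    size_t olen_a = 0, olen_b = 0, i;
    int nonzero = 0;

    if (len < 16 || len > sizeof a)
        return 0;
    if (urandom_seed(NULL, a, len, &olen_a) != 0 || olen_a != len)
        return 0;
    if (urandom_seed(NULL, b, len, &olen_b) != 0 || olen_b != len)
        return 0;
    for (i = 0; i < len; i++)
        nonzero |= a[i];
    if (!nonzero)
        return 0;
    return memcmp(a, b, len) != 0;
}

int main(void)
{
    unsigned char seed[32];
    size_t olen, i;

    if (!seed_self_test(32) || urandom_seed(NULL, seed, sizeof seed, &olen) != 0) {
        fprintf(stderr, "system seeding failed (%zu bytes obtained)\n", olen);
        return 1;
    }
    /* At this point the bytes would feed a DRBG (e.g. polarssl's
     * ctr_drbg); printing them is only for the demo. */
    for (i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    printf("\n");
    return 0;
}
```

The self-test is the check worth keeping in a real program: a process that silently continues after a failed or partial read from the system device is in the same position as one relying on an unproven gatherer, so the failure path must abort rather than fall through to a deterministic seed.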
