havege in polarssl not enabled and maintainer refuses to enable it (#1069394)
pspacek at redhat.com
Wed Oct 1 13:31:30 UTC 2014
On 1.10.2014 15:12, Nikos Mavrogiannopoulos wrote:
> On Wed, 2014-10-01 at 08:33 -0400, Matthew Miller wrote:
>> On Wed, Oct 01, 2014 at 08:52:03AM +0300, Jonathan Dieter wrote:
>>> The havege functions in the polarssl package are currently disabled
>>> in the Fedora package. Newer releases of dolphin-emu, which are in
>>> a popular external repository, require these functions.
>>> According to https://bugzilla.redhat.com/show_bug.cgi?id=1069394#c1,
>>> the HAVEGE feature is disabled because it's "controversial" and
>>> "would lead to security problems", but the maintainer hasn't given
>>> any more explanation than that in the bug report.
>>> Is there any way we can get a second opinion on this? The external
>> Yes there is. Since the objection is potentially security related, it would
>> be good to get the input of the Fedora Security Team (probably on the
>> security@ mailing list). Second, having had that conversation, if it still
>> goes nowhere, file a ticket with FESCo.
> Havege is an entropy gathering technique combined with a PRNG. I cannot
> really comment on the algorithm, but there is not significant analysis
> of the technique, and has not been published in a journal that is
> specialized for crypto or PRNGs. In any case, my opinion is not based on
> an analysis of the underlying algorithm, but rather on an idea on how
> the Fedora system's security features should be used.
> haveged and other daemons that feed entropy to kernel are useful, but a
> user space process in Fedora should not need an entropy gatherer. The
> system provides two and they are called /dev/urandom and /dev/random. By
> using these two we can always know that processes are sufficiently
> seeded. The only way to enforce that rule is by not allowing entropy
> gathering APIs in the system. So I'm on the keep this API disabled side,
> even though it's for a different reason.
> Is there a reason the processes that depend on the havege API to obtain
> entropy cannot use the system provided devices? My guess is that the
> processes simply need a PRNG. In that case doesn't the polarssl API
> offer a reasonable PRNG that is seeded from the system's devices?
I support Nikos's analysis. Let kernel do its work.
More information about the devel