
Ubuntu Cloud PRNG seed - lelf
https://wiki.ubuntu.com/Security/Features#prng-cloud
======
mjschultz
I was curious so I decided to post some of the Google links about this:

* man page: [http://manpages.ubuntu.com/manpages/trusty/man1/pollinate.1....](http://manpages.ubuntu.com/manpages/trusty/man1/pollinate.1.html)

* Q&A style blog post: [http://blog.dustinkirkland.com/2014/02/random-seeds-in-ubunt...](http://blog.dustinkirkland.com/2014/02/random-seeds-in-ubuntu-1404-lts-cloud.html)

* A "why this is scary" blog post: [https://tim.siosm.fr/blog/2014/04/25/why-not-ubuntu-14.04-lt...](https://tim.siosm.fr/blog/2014/04/25/why-not-ubuntu-14.04-lts/#pollinate)

------
m1el
Quoting this comment by atoponce from /r/netsec:
[http://www.reddit.com/r/netsec/comments/2xlruv/ubuntu_cloud_...](http://www.reddit.com/r/netsec/comments/2xlruv/ubuntu_cloud_prng_seed/cp1996q):

> "Starting with Ubuntu 14.04 LTS, Ubuntu cloud images include the Pollinate
> client, which will try to seed the PRNG with input from
> [https://entropy.ubuntu.com](https://entropy.ubuntu.com) for up to 3 seconds
> on first boot."

So, let me get this straight. An Ubuntu cloud image doesn't have enough
entropy to create strong crypto keys on first boot (SSH, SSL, etc.). So, it
connects over the _Internet_, via HTTPS, which requires strong crypto keys to
make the connection, to gather its entropy. Facepalm.

The correct answer to generating enough entropy on boot is to either install
haveged(8) as part of the imaging process, or to have the cloud image attach
to a HWRNG using something similar to VirtIORNG.

Enough entropy needs to be created _before_ making an HTTPS connection, not
after.

------
wtbob
I don't know how I feel about this. It's at least stirring the pot a little
bit, but—as the Pollinate README indicates—it's not really increasing the
entropy in the system at all. Thus one still needs to collect actual entropy,
e.g. with CPU jitter[0]—and if one has collected enough entropy that way, then
stirring the pot doesn't help (although it doesn't really hurt either).

I think that the real answer has to be blocking boot until enough entropy has
been gathered, based on CPU or storage timing, or on console input.

[0] [http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html](http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html)
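
Added example, not written by any commenter in this thread or by the Pollinate project: a first-boot gate that combines the two suggestions above, reporting whether a hardware RNG such as virtio-rng is attached and refusing to proceed to key generation until the kernel's entropy estimate reaches a threshold. The two file paths are the standard Linux procfs/sysfs locations; the function names, the `--gate` switch, the 256-bit threshold and the 60-second timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate first-boot key generation on the kernel's entropy state.
# The two paths are standard Linux procfs/sysfs files; the function names,
# the 256-bit threshold and the 60 s timeout are assumptions of this example.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
HWRNG_FILE="${HWRNG_FILE:-/sys/class/misc/hw_random/rng_current}"

# Print the active hardware RNG (e.g. virtio_rng.0); fail if none is bound.
hwrng_backend() {
    [ -r "$HWRNG_FILE" ] || return 1
    name=$(cat "$HWRNG_FILE")
    case "$name" in ''|none) return 1 ;; esac
    printf '%s\n' "$name"
}

# entropy_ready MIN_BITS: succeed when the kernel estimate is >= MIN_BITS.
entropy_ready() {
    [ -r "$ENTROPY_FILE" ] || return 1
    bits=$(cat "$ENTROPY_FILE")
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac   # reject non-numeric content
    [ "$bits" -ge "$1" ]
}

# wait_for_entropy MIN_BITS TIMEOUT_S: poll once per second.
# Returns 0 when ready, 1 on timeout, so the caller can refuse to make keys.
wait_for_entropy() {
    min=$1
    left=$2
    while ! entropy_ready "$min"; do
        [ "$left" -gt 0 ] || return 1
        sleep 1
        left=$((left - 1))
    done
    return 0
}

# Run as "script --gate" from a first-boot unit ordered before key generation.
if [ "${1:-}" = "--gate" ]; then
    hwrng_backend >/dev/null || echo "warning: no hardware RNG attached" >&2
    wait_for_entropy 256 60 || { echo "entropy pool not ready" >&2; exit 1; }
fi
```

A non-zero exit from the gate is the signal to hold back SSH host key or TLS key generation rather than continue with a weakly seeded pool.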

