Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Mention how to seed PRNG before activating Filevault

See original GitHub issue

For example:

cat > /dev/random
[type random letters for a while and press ctrl-c]

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:11

github_iconTop GitHub Comments

1reaction
felixgrcommented, Sep 30, 2016

In this issue I’m asking for a more practical advice for users that want to additionally seed the Yarrow PRNG by writing to /dev/random before activating FileVault. FileVault keys are generated from the PRNG and my estimate is that the entropy that went into the PRNG before that is rather low. We did experiments with 1000 fresh install boots and the estimated effective fresh reboot seed entropy is around 320 bits:

prngInitialize()
prngInput(inbuflen = 8)     source: microtime()
prngForceReseed(ticks = 50) recalculate pool
prngInput(inbuflen = 20)        source: /var/db/SystemEntropyCache (updated every 6h)
prngForceReseed(ticks = 50)
prngInput(inbuflen = 256)   source: mach_absolute_time() (41 * sizeof(mach_timespec_t)) via kdbg_getentropy(), collectEntropy(), and also 1 * current time
prngInput(inbuflen = 72)
prngForceReseed(ticks = 50)

From those seeds, microtime and current time are predictable. SystemEntropyCache is empty. 7 of 8 bytes of mach_timespec_t is also predictable.

In most systems, SystemEntropyCache from the first boot saves the day so we didn’t go to DEFCON 😃 but it’s still pretty low entropy.

See https://eprint.iacr.org/2012/374.pdf for more info. This is based on 10.7. I would be interested in your comments on this assessment 😃

0reactions
savchenkocommented, Sep 30, 2016

@felixgr , I’ve meant situation if the HD was encrypted after the 1st boot.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Use FileVault to encrypt your Mac startup disk - Apple Support
FileVault full-disk encryption uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your ...
Read more >
Security Analysis and Decryption of Filevault 2 - ins3cure.com
In a security-critical scenario, the PRNG should be reseeded by man- ually writing entropy to /dev/random before activating FileVault 2.
Read more >
Security Analysis and Decryption of Lion Full Disk Encryption
For highly security-critical scenarios, the PRNG should be reseeded by manually writing entropy to. /dev/random before activation of FileVault 2. 4.2 Plaintext ...
Read more >
MSC32-C. Properly seed pseudorandom number generators
A properly seeded PRNG will generate a different sequence of random numbers each ... Call srandom() before invoking random() to seed the random...
Read more >
What exactly is a seed in a random number generator?
Most pseudo-random number generators (PRNGs) are build on algorithms involving some kind of recursive method starting from a base value that ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Brewed DNSmasq w/DNSSEC support may not require further dnsmasq.conf configuration?

Next page

Alternative shasum 0e063fd87d5b0a4f68dbd35da95b2018748f88eb for InstallESD.dmg for OS X 10.10.5