problems with the MIPS randomness and OpenVPN impact

Discuss the technical details of Gargoyle and ongoing development

Moderator: Moderators

throughwalls
Posts: 89
Joined: Thu Apr 22, 2010 3:24 pm

problems with the MIPS randomness and OpenVPN impact

Postby throughwalls » Thu Sep 12, 2013 8:31 am

Looks like there may be some issues with entropy harvesting in MIPS Linux which forms the basis of a lot of distributions, such as OpenWRT and Gargoyle.

http://www.heise.de/security/meldung/MI ... 53097.html (In German) is a good overview.
It points to https://lists.openwrt.org/pipermail/ope ... 21318.html

Does anyone know if this has an impact on key generation for OpenVPN running on a Mips based Gargoyle?

Can I do anything to do better key generation on the router? Could I generate keys on a different platform (a Linux machine) and then use then on my router?


Not related directly, but the discussion on the Intel RNG instructions at https://plus.google.com/u/0/11709138045 ... Dcoemc9V3J is wonderful to read ask well.

throughwalls
Posts: 89
Joined: Thu Apr 22, 2010 3:24 pm

Re: problems with the MIPS randomness and OpenVPN impact

Postby throughwalls » Thu Sep 12, 2013 8:41 am

http://www.mips.com/media/files/MD00565 ... -01.01.pdf includes a code snipit for reading the cycle count from a MIPS processor. Not sure whether it works on the Atheros CPUs...

Code: Select all

unsigned mips_cycle_counter_read()
{
unsigned cc;
asm volatile("mfc0 %0, $9" : "=r" (cc));
return (cc << 1);
}

throughwalls
Posts: 89
Joined: Thu Apr 22, 2010 3:24 pm

Re: problems with the MIPS randomness and OpenVPN impact

Postby throughwalls » Wed Sep 18, 2013 6:32 pm

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
This is a wonderfully written paper. Has anyone looked at either the SSH keys for Gargoyle or the OpenVPN certificates?

BashfulBladder
Moderator
Posts: 250
Joined: Thu Jan 17, 2013 11:43 pm

Re: problems with the MIPS randomness and OpenVPN impact

Postby BashfulBladder » Wed Sep 18, 2013 7:34 pm

Well, here's the commit. Reverse it & see what it does for you.

http://www.mail-archive.com/git-commits ... 29749.html

or use this patch:
http://lkml.indiana.edu/hypermail/linux ... 01123.html
TP-Link WDR3600 v1.1 running 1.5.10+ L10n-English (Built 20130922 - OpenWrt r38093)
TP-Link WDR4300 running 1.5.10+ i18n-English (Built 20131010 - OpenWrt r38286)

https://github.com/BashfulBladder/gargoyle-plugins/wiki


Return to “Gargoyle Development”

Who is online

Users browsing this forum: No registered users and 1 guest