Feature #11898

Have a readable blueprint about randomness in Tails

Added by bertagaz 2016-11-04 14:26:05 . Updated 2019-08-11 15:14:55 .

Status:
Resolved
Priority:
Normal
Assignee:
intrigeri
Category:
Target version:
Start date:
2016-11-04
Due date:
% Done:

70%

Feature Branch:
Type of work:
Communicate
Starter:
Affected tool:
Deliverable for:

Description

We want such kind of document to be ready for outsiders of the team and the encryption community so that they can review the problems we identified regarding randomness and entropy in Tails, and the implementation we plan to make it cryptographically strong enough.

We’ll do that in the related blueprint, and the idea is to have it ready for 33C3 so that Tails people attending can catch others and show them.


Subtasks


Related issues

Related to Tails - Feature #8578: Point friendly academic people to research projects that would help Tails In Progress 2015-01-07
Related to Tails - Feature #7642: Investigate whether we should resume shipping a static random seed Resolved 2016-09-02
Related to Tails - Feature #7102: Evaluate how safe haveged is in a virtualized environment Confirmed 2014-04-17

History

#1 Updated by bertagaz 2016-11-04 14:28:41

Plan is to have everyone assigned to a related ticket to write a note about it, so that we can include it in the blueprint. There already are bits written, but they may need care and updates before being showed to others.

We’ll meet half of November to see where we are at, and will finalize the document

#2 Updated by intrigeri 2016-11-10 11:32:18

Maybe this ticket should be assigned to someone who’ll make sure that everyone involved does their bits? (I’m warry of tickets with a milestone and no assignee.)

#3 Updated by Dr_Whax 2016-11-18 11:26:40

  • Assignee set to Dr_Whax

Hello watchers!

Please update the blueprint with any information that isn’t on it yet. The deadline for this is the 2nd of December.

#4 Updated by anonym 2016-12-14 20:11:28

  • Target version changed from Tails_2.9.1 to Tails 2.10

#5 Updated by anonym 2017-01-24 20:48:52

  • Target version changed from Tails 2.10 to Tails_2.11

#6 Updated by anonym 2017-03-09 14:00:30

  • Target version changed from Tails_2.11 to Tails_2.12

#7 Updated by intrigeri 2017-04-20 06:44:50

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Parent task set to Feature #7675

#8 Updated by intrigeri 2017-04-20 06:46:14

  • Target version changed from Tails_2.12 to 2017

Apparently setting target version = $nextrelease does not really work, and it clutters the RM view => resetting to the 2017 goal as decided as last summit. Feel free to set a more specific target version that encodes your (realistic) plans better :)

#9 Updated by bertagaz 2017-08-16 11:37:55

  • QA Check set to Ready for QA

As discussed on chat, I’m puting this ticket RfQA for Drwhax to review the blueprint. It’s in a pretty good shape enough IMO for us to start showing it to our fellow Tails devs for feedbacks, and then external crypto knowledgeable people.

#10 Updated by Anonymous 2018-01-15 14:13:03

  • Target version changed from 2017 to 2018
  • Blueprint set to https://tails.boum.org/blueprint/randomness_seeding/

2017 is over.

DrWhax: this ticket is asking for review of the blueprint. Once done with the review, we can continue to work on this and ask for review on tails-dev / external crypto people.

#11 Updated by Anonymous 2018-01-15 14:13:34

Do you still plan to work on this? Otherwise please either try to find somebody else to do the review or unassign yourself -> reassign to bertagaz.

#12 Updated by Anonymous 2018-01-15 14:14:03

  • % Done changed from 10 to 70

#13 Updated by Dr_Whax 2018-01-18 13:15:23

There’s 2 points remaining to add to the blueprint (including some data points). Almost there.

#14 Updated by bertagaz 2018-01-19 18:13:01

Dr_Whax wrote:
> There’s 2 points remaining to add to the blueprint (including some data points). Almost there.

If you’re talking about the to “XXX:” still in the blueprint, I think we can safely ignore them and proceed on the internal reviewing inside Tails. There are other actionables items in there we can very well start implementing before we get these points. So if that’s your only remark, maybe we can close this ticket and send this on tails-dev?

#15 Updated by Anonymous 2018-08-17 14:40:24

DrWhax: please send this to tails-dev for comments as suggested by bertagaz. I’ve done a proofread and made it a bit more readable.

#16 Updated by Anonymous 2018-08-18 12:46:40

  • related to Feature #8578: Point friendly academic people to research projects that would help Tails added

#17 Updated by Anonymous 2018-08-18 13:11:53

  • related to Feature #7642: Investigate whether we should resume shipping a static random seed added

#18 Updated by Anonymous 2018-08-18 13:57:31

  • related to Feature #7102: Evaluate how safe haveged is in a virtualized environment added

#19 Updated by Dr_Whax 2018-08-22 17:25:51

I’ve sent a RFC to tails-dev.

#20 Updated by intrigeri 2018-10-11 09:34:25

  • Target version deleted (2018)

#21 Updated by intrigeri 2019-06-02 14:42:53

  • Status changed from In Progress to Needs Validation

#22 Updated by Dr_Whax 2019-07-07 15:17:05

  • Assignee deleted (Dr_Whax)

I’m no longer going to work on this.

#23 Updated by intrigeri 2019-08-11 13:22:09

  • Assignee set to intrigeri

#24 Updated by intrigeri 2019-08-11 15:14:56

  • Status changed from Needs Validation to Resolved

As explained on https://lists.autistici.org/message/20190811.150250.42ecbf90.en.html, I think we’re now done here. Thanks to everyone who participated! :)

Next steps:

  • Finish discussion on implementation details on Feature #11897, get it ready and ship it.
  • Deal with the “Tails started from ISO in a VM” case: Bug #16971.

Regarding the other proposed solutions on the blueprint: they all need more work, be it research (it’s not clear whether they would work at all) or implementation. They don’t conflict with what’s being done on Feature #11897. So whoever is interested in working on any of these further improvements in the future, feel free to create a dedicated ticket, and see you there!