How is the key generated when creating an encrypted ZFS volume?

[wingstar]

Hi,
I created an encrypted ZFS volume. I am wondering how the key is genetrated? Is there a way to choose your own encryption key or influence how it is generated?
/Wingstar

 

[cyberjock]

It's created "very carefully". Thank you, thank you. I'll be here all day!

There is no way to choose your own key or influence how it is generated with FreeNAS without doing your own CLI work or hacking the OS to work how you want. Dusan has read up on the encryption code, so maybe he'll stop in and explain it a little. I'm not sure you could use your own key without also writing the master key to the disks too(but don't quote me on that).

 

[ECCfrenaslover]

Speaking of keys....

Do the experts here recommend to write down that key for future use? Like a passkey code? I do not recall anything pertaining to this on the manual...but I will read it again on Sunday.

 

[cyberjock]

No, per the manual you save the keyfile as well as your recovery key to your favorite, secure, storage media of choice. ;)

 

[Dusan]

I created an encrypted ZFS volume. I am wondering how the key is genetrated? Is there a way to choose your own encryption key or influence how it is generated?

There are actually several keys involved (the geli master key, the user keys, ...). I explained how the encryption works in this thread: Recover encryption key
Te answer your question about key generation: you can pick your own passphrase, all the other keys/keyfiles are generated from /dev/random.

 

[wingstar]

I have read that the FreeBSD team have changed the way random numbers are generated in 10.0. I just want to "feel safe" with the way the random keys are generated in FreeNAS.

 

[Dusan]

I have read that the FreeBSD team have changed the way random numbers are generated in 10.0. I just want to "feel safe" with the way the random keys are generated in FreeNAS.

FreeNAS 9.2 does not use the FreeBSD 10 random generator. However, the final FreeBSD 10 implementation is similar to what Linux does -- RdRand is not accessible directly, it is only used to seed the Yarrow PRNG. Yarrow will maybe be replaced by Fortuna in FreeBSD 11.

 

[wingstar]

FreeNAS 9.2 does not use the FreeBSD 10 random generator. However, the final FreeBSD 10 implementation is similar to what Linux does -- RdRand is not accessible directly, it is only used to seed the Yarrow PRNG. Yarrow will maybe be replaced by Fortuna in FreeBSD 11.

Since they decided to change the random generator for 10.0, should I assume that the random generator was broken in earlier versions?

 

[Dusan]

Since they decided to change the random generator for 10.0, should I assume that the random generator was broken in earlier versions?

No. What happened is that Intel introduced the RdRand instruction in Ivy Bridge CPUs. A support for the instruction was added for FreeBSD 10. The initial implementation allowed you to switch the /dev/random backend directly to RdRand by enabling the hw.ivy_rng_enable sysctl (i.e. /dev/random would give you raw RdRand output) -- please note that FreeBSD 10 is still in development, so this implementation was not released in any official version. However, Intel did some design decisions with RdRand that leaves it open for doubt (e.g.: http://blog.jim.com/crypto/rdrand.html). Therefore, the final FreeBSD 10 implementation removes the option to access RdRand directly via /dev/random and only uses it to feed additional entropy to the current Yarrow PRNG (the entropy is currently harvested also from keyboard and mouse activity, network activity, hardware interrupts, ...).

 

[wingstar]

No. What happened is that Intel introduced the RdRand instruction in Ivy Bridge CPUs. A support for the instruction was added for FreeBSD 10. The initial implementation allowed you to switch the /dev/random backend directly to RdRand by enabling the hw.ivy_rng_enable sysctl (i.e. /dev/random would give you raw RdRand output) -- please note that FreeBSD 10 is still in development, so this implementation was not released in any official version. However, Intel did some design decision with RdRand that leaves it open for doubt (e.g.: http://blog.jim.com/crypto/rdrand.html). Therefore, the final FreeBSD 10 implementation removes the option to access RdRand directly via /dev/random and only uses it to feed additional entropy to the current Yarrow PRNG (the entropy is currently harvested also from keyboard and mouse activity, network activity, hardware interrupts, ...).

Ok, thanks for the detailed explanation.
A followup question: when you install FreeNAS and create your encrypted ZFS volumes, should you perform some kind of actions before you create the encrypted ZFS volumes to feed more entropy? Or is it sufficient to just boot the newly created USB stick, log in via web interface and create the encrypted ZFS volume?

 

[Dusan]

Ok, thanks for the detailed explanation.
A followup question: when you install FreeNAS and create your encrypted ZFS volumes, should you perform some kind of actions before you create the encrypted ZFS volumes to feed more entropy? Or is it sufficient to just boot the newly created USB stick, log in via web interface and create the encrypted ZFS volume?

There's no need to do anything special. Reads from /dev/random will block when the PRNG is not fully seeded yet. However, it will definitely be fully seeded before you reach the volume creation screen in the GUI.