Pollinate is Stupid (Ubuntu 14.04)

Let's talk about Pollinate, and most importantly, why it's a terrible idea.

Pollinate (the Cloud PRNG Seed) feature in Ubuntu 14.04 was designed by someone who does not understand security: It pulls data from https://entropy.ubuntu.com/ and feeds it into /dev/urandom.

The premise for Pollinate is that some devices-- VMs especially-- have a hard time generating entropy on their first boot. The problem they are trying to solve is the existence of weak/colliding private keys. This is not an easy problem, nor one with a trivial solution. While I commend the Ubuntu developers for making an effort, their solution is plum-fuck retarded.

In what threat model is it okay to take data that an attacker can learn (or even falsify) and feed it into your random number generator?

"But Scott," you might retort, "Pollinate uses HTTPS, so they would have to break SSL to hack Pollinate." That sounds reasonable, until you apply a little bit of logic to the situation.

If you have enough entropy to facilitate a properly secure HTTPS communication, you have enough entropy to generate a cryptographically secure pseudorandom number. If you don't, then the HTTPS protection means very little and you might as well be transmitting in the clear.

There's a part of me that deeply suspects that, as a result of the NSA leaks by Edward Snowden, an exodus from insecure proprietary operating systems like Windows and Mac OSX to user-friendly flavors of Linux (namely: Ubuntu) prompted nation state actors to social engineer the Ubuntu devs into this decision. However, Hanlon's Razor applies here: Never attribute to malice that can be explained by stupidity.

Pollinate is stupid. It cannot solve the problem it's trying to solve, the way it's implemented.

I don't have a better solution... other than: If you're deploying a service where security matters, do one of the following:

- Put it on a bare-metal dedicated server
- Expose it to a hardware RNG

Fuck Pollinate.