Date: Sat, 30 Sep 1995 09:07:54 +0200
From: Mark Murray <mark@grondar.za>
To: hackers@freebsd.org
Subject: Netscape security problem - /dev/random?
Message-ID: <199509300707.JAA21165@grumble.grondar.za>

Hi

With the well-publicised crack of Netscape's security, I am of the opinion that the system (in fact the kernel) should cooperate in providing decent random numbers.

In this particular case, "decent" could mean a couple of things -

- Unguessable. In the past folks used to seed their random number generators with the time-of-day to get a different start to the otherwise predictable sequence. For security purposes this is no good, as an attacker who knows approximately when you started has a small set of numbers to play with to crack you. If the kernel could provide a totally unpredictable value, this would protect the random generator seed.

- Uniform. The above is assuming that each caller is only looking for a very small number of values. Such values may be useless if the caller actually needs a large number of uniformly distributed, totally random numbers.

These two scenarios are addressed in a piece of code that I have that was written for Linux by Theodore Ts'o, and it provides 2 new devices - /dev/random and /dev/urandom which address these concerns.

Those folks interested in exponential key exchange (Diffie-Hellman) and other crypto concerns will be interested.

I would like to get this code into the kernel (in a few days). Is anyone else interested?

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grumble.grondar.za for PGP key

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509300707.JAA21165>
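
The "unguessable" point in the message above, as an added example that is not part of the original e-mail or of Ts'o's driver: a toy key derived from a clock-seeded generator, the size of the seed space an observer has to cover, and the same key size drawn from the kernel generator through `os.urandom`. The function names, the timestamp and the one-hour window are assumptions constructed for illustration.

```python
import math
import os
import random


def time_seeded_key(seed: int) -> bytes:
    """Weak pattern: a 128-bit key from a PRNG whose only secret is a clock value."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def kernel_key() -> bytes:
    """Preferred pattern: 128 bits from the kernel CSPRNG (/dev/urandom on Unix)."""
    return os.urandom(16)


def seed_space_bits(window_s: int) -> float:
    """Effective entropy when the start time is known to within +/- window_s seconds."""
    return math.log2(2 * window_s + 1)


def find_seed(key: bytes, approx_start: int, window_s: int):
    """Audit check: return the clock seed that reproduces `key`, or None if
    no seed inside the window does."""
    for seed in range(approx_start - window_s, approx_start + window_s + 1):
        if time_seeded_key(seed) == key:
            return seed
    return None


# Constructed sample values (hypothetical, for illustration only).
APPROX_START = 812_444_874       # Unix time the observer roughly knows
TRUE_SEED = APPROX_START + 137   # clock value actually used as the seed
WINDOW_S = 3600                  # "approximately when you started": +/- one hour

if __name__ == "__main__":
    weak = time_seeded_key(TRUE_SEED)
    print("key length in bits:      ", len(weak) * 8)
    print("seed space in bits:      ", round(seed_space_bits(WINDOW_S), 2))
    print("clock seed reproduced:   ", find_seed(weak, APPROX_START, WINDOW_S))
    print("kernel key reproduced by:", find_seed(kernel_key(), APPROX_START, WINDOW_S))
```

The key is 128 bits long in both cases, but the clock-seeded one carries only as much uncertainty as the window of plausible start times.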