Date: Wed, 19 Jul 2000 23:41:24 +0200 From: Mark Murray <mark@grondar.za> To: Warner Losh <imp@village.org> Cc: current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <200007192141.XAA01113@grimreaper.grondar.za> In-Reply-To: <200007191823.MAA83239@harmony.village.org> ; from Warner Losh <imp@village.org> "Wed, 19 Jul 2000 12:23:18 CST." References: <200007191823.MAA83239@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> : If the attacker is on your computer (he us a user, say), he might know > : a lot about the current frequency of your xtal. He can also get the same > : (remote) time offsets as you. What does that give him? Not much, but it > : could reduce the bits that he needs to guess. By how much? I don't > : know. > > I don't know the answers to that either. > > Of course, if the attaker has root access to your machine, then you > have bigtime problems with keeping the random bits secret anyway... My scenario assumed that the attacker/user was not root. Of course if he is root, he knows a bit more, but even a non-root attacker can make a statistical study of the local clock and some hand-rolled ntp code. (I'm not suggesting it is easy, just possible :-) ) M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007192141.XAA01113>