Date:      Fri, 21 Jul 2000 12:55:08 -0400
From:      "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To:        Dan Moschuk <dan@FreeBSD.ORG>
Cc:        Kris Kennaway <kris@FreeBSD.ORG>, Mark Murray <mark@grondar.za>, current@FreeBSD.ORG
Subject:   Re: randomdev entropy gathering is really weak
Message-ID:  <3978806C.8BD1EDD6@vangelderen.org>
References:  <20000718103729.A1221@spirit.jaded.net> <Pine.BSF.4.21.0007210345170.13729-100000@freefall.freebsd.org> <20000721115846.C489@spirit.jaded.net>

Dan Moschuk wrote:
> 
> | > | Gotcha - fix coming; I need to stash some randomness at shutdown time, and
> | > | use that to reseed the RNG at reboot time.
> | >
> | > What about saving the state of the RNG and re-reading it on bootup?  That
> | > will allow Yarrow to continue right where it left off. :-)
> |
> | That's a bad thing. You don't want someone to be able to examine the exact
> | PRNG state at next boot by looking at your hard disk after the machine has
> | shut down.
> 
> I don't see how.  If the attacker has physical access to the machine, there
> are plenty worse things to be done than just reading the state of a PRNG.
> 
> If the random device is initialized in single user mode, and the file is
> then unlink()ed, I don't see any problems with that.

You generate a new PGP keypair and start using it. Your
co-worker reboots your machine afterwards and recovers 
the PRNG state that happens to be stashed on disk. He 
can then backtrack and potentially recover the exact same
random numbers that you used for your key.

Cheers,
Jeroen
-- 
Jeroen C. van Gelderen          o      _     _         _
jeroen@vangelderen.org  _o     /\_   _ \\o  (_)\__/o  (_)
                      _< \_   _>(_) (_)/<_    \_| \   _|/' \/
                     (_)>(_) (_)        (_)   (_)    (_)'  _\o_
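The backtracking hazard discussed above, as an added example that is not part of the original thread and is not FreeBSD's randomdev or Yarrow code: a toy generator built from HMAC-SHA256 in counter mode (a stand-in, not Yarrow's design) whose raw state is stashed at shutdown, next to a variant that ratchets its key through a one-way hash after every output and persists only a hashed derivative that is mixed with fresh entropy at boot. All class and function names, and the seed and entropy strings, are constructed for this illustration.

```python
import hashlib
import hmac
from typing import List, Tuple


def _prf(key: bytes, counter: int) -> bytes:
    """Keyed output block: HMAC-SHA256 over a counter (toy PRF, not Yarrow)."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()


class NonRatchetingPRNG:
    """Generator whose state is (key, counter) and whose key never changes.

    Stashing this state on disk is the hazard described in the thread: the
    saved state is enough to recompute every block emitted before shutdown.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"seed:" + seed).digest()
        self.counter = 0

    def next_block(self) -> bytes:
        out = _prf(self.key, self.counter)
        self.counter += 1
        return out

    def save_state(self) -> Tuple[bytes, int]:
        """What a naive 'save the RNG state' at shutdown would write to disk."""
        return (self.key, self.counter)


def replay_from_saved_state(key: bytes, counter: int) -> List[bytes]:
    """Blocks 0..counter-1 are fully determined by the saved (key, counter)."""
    return [_prf(key, i) for i in range(counter)]


class RatchetingPRNG:
    """Generator that replaces its key with a one-way hash after every output.

    The state at shutdown cannot be run backwards, so a stash derived from it
    does not reveal earlier outputs (the 'stash some randomness and reseed'
    approach from the thread, in toy form).
    """

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"seed:" + seed).digest()

    def next_block(self) -> bytes:
        out = _prf(self.key, 0)
        self.key = hashlib.sha256(b"ratchet:" + self.key).digest()  # forward step
        return out

    def save_seed_file(self) -> bytes:
        """Persist a one-way derivative of the state, then ratchet once more
        so the on-disk value and the live state diverge immediately."""
        stash = hashlib.sha256(b"stash:" + self.key).digest()
        self.key = hashlib.sha256(b"ratchet:" + self.key).digest()
        return stash

    @classmethod
    def reseed_at_boot(cls, seed_file: bytes, fresh_entropy: bytes) -> "RatchetingPRNG":
        """Mix the stash with fresh entropy; the file alone must not fix the state."""
        return cls(hashlib.sha256(seed_file + fresh_entropy).digest())


def demo() -> dict:
    seed = b"constructed-demo-seed"  # constructed; real code draws from the pool

    # 1. Naive state save: whoever reads the disk replays the 'key' blocks.
    weak = NonRatchetingPRNG(seed)
    key_blocks = [weak.next_block() for _ in range(3)]
    key, counter = weak.save_state()
    weak_replayable = replay_from_saved_state(key, counter) == key_blocks

    # 2. Ratcheting generator with a one-way stash: the stash is not the state,
    #    and two boots with different fresh entropy produce unrelated streams.
    strong = RatchetingPRNG(seed)
    key_blocks2 = [strong.next_block() for _ in range(3)]
    stash = strong.save_seed_file()
    boot_a = RatchetingPRNG.reseed_at_boot(stash, b"fresh-entropy-boot-A")
    boot_b = RatchetingPRNG.reseed_at_boot(stash, b"fresh-entropy-boot-B")
    stream_a = [boot_a.next_block() for _ in range(3)]
    stream_b = [boot_b.next_block() for _ in range(3)]

    return {
        "weak_replayable": weak_replayable,
        "stash_is_raw_state": stash == strong.key,
        "boots_differ": stream_a != stream_b,
        "post_boot_reuses_key_blocks": any(b in key_blocks2 for b in stream_a + stream_b),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The property being checked is backtracking resistance: with the non-ratcheting generator the saved `(key, counter)` pair reproduces the three blocks that stood in for the PGP key, while the ratcheting variant persists only `SHA256("stash:" || key)`, which is one-way, and then steps its key again. The unlink() step from the thread corresponds here to consuming the seed file exactly once through `reseed_at_boot` and deleting it; mixing in fresh entropy at that point also means the file by itself does not determine the post-boot stream.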


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3978806C.8BD1EDD6>