Date: Fri, 21 Jul 2000 11:06:41 -0700 (PDT) From: Steve Kargl <sgk@troutmask.apl.washington.edu> To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> Cc: Dan Moschuk <dan@FreeBSD.ORG>, Kris Kennaway <kris@FreeBSD.ORG>, Mark Murray <mark@grondar.za>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <200007211806.LAA61495@troutmask.apl.washington.edu> In-Reply-To: <3978806C.8BD1EDD6@vangelderen.org> from "Jeroen C. van Gelderen" at "Jul 21, 2000 12:55:08 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Jeroen C. van Gelderen wrote: > Dan Moschuk wrote: > > > > I don't see how. If the attacker has physical access to the machine, there > > are plenty worse things to be done than just reading the state of a PRNG. > > > > If the random device is initialized in single user mode, and the file is > > then unlink()ed, I don't see any problems with that. > > You generate a new PGP keypair and start using it. Your > co-worker reboots your machine afterwards and recovers > the PRNG state that happens to be stashed on disk. He > can then backtrack and potentially recover the exact same > random numbers that you used for your key. > I don't follow your logic. A normal boot/shutdown sequence would be: (1) power on (or shutdown -r) (2) in single-user mode (a) read /dev/saved_entropy into buffer (b) unlink /dev/saved_entropy (c) create /dev/saved_entropy with all zeros (d) test contents in buffer against all zeros (I) buffer contents is different from all zeros; initialize entropy pool (II) buffer contents matches all zeros; use a fall-back method. (3) go multi-user (4) normal shutdown (a) kick everybody off system (b) kill off daemons (c) umount all partitions except the partition with /dev (c) save entropy to /dev/saved_entropy (d) umount partition with /dev After a crash or panic, the system reboots. Step 2(c) has left a finger print to test for valid saved entropy. If all zeros are found use a suitable fallback method to stir the entropy. I don't see how co-worker can do what you suggest. And, if he can easily reboot your system, you have other problems to worry about. -- Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007211806.LAA61495>