Date:      Tue, 26 Sep 2000 08:57:42 -0500 (CDT)
From:      James Wyatt <jwyatt@rwsystems.net>
To:        Terje Elde <terje@elde.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Encryption over IP
Message-ID:  <Pine.BSF.4.10.10009260846290.20201-100000@bsdie.rwsystems.net>
In-Reply-To: <20000926121003.G43065@dlt.follo.net>

> The point of re-keying isn't to avoid known plaintext or chosen plaintext
> attacks. The point is to help improve the situation should any component be
> broken. This includes the algorithm which might be vulnerable to unknown
> attacks, the PRNG might have made a bad judgement about its entropy pool and
> given you a bad key once.
	[ ... ]
> Let's take an example. I'm running a system with a bad PRNG. It takes its
> input from hashing incoming IP packets (or whatever). This allows you to
> control it, and because the mixing part isn't well designed either you manage
> to take control over the whole thing. I then start a ssh session, which will
> live on forever and feed data to this box from a remote one. Because you've
> broken my PRNG you manage to get the key. If you don't re-key you'll be able to
> read the data on the connection forever. With re-keying you'll lose that
> access with the next re-key after I get entropy not known to you.

But if "you can control [the PRNG]", don't you know it later? If you can
only guess it once in a while, wouldn't rekeying give an attacking party
more chances to try getting the key?

Also: What happens when your PRNG runs out of entropy? If ssh stops or
prevents login or rekeying, then you can have an outage and might not have
the entropy to gen a key on login. If it doesn't, then couldn't an
attacker replace or modify your PRNG to generate a fixed pattern? They
might never need direct access to your host again.

Is there anything out there to ensure my PRNG is up to snuff or monitor it
for BB or Spong? Is there any way I could graph the entropy pool with
MRTG? I didn't see many hints in the egd doc. Should I care? - Jy@






