Date:      Sat, 22 Jul 2000 10:32:24 -0400
From:      "Louis A. Mamakos" <louie@TransSys.COM>
To:        Brian Fundakowski Feldman <green@FreeBSD.ORG>
Cc:        Kris Kennaway <kris@FreeBSD.ORG>, arch@FreeBSD.ORG
Subject:   Re: Quantifying entropy 
Message-ID:  <200007221432.KAA66024@whizzo.transsys.com>
In-Reply-To: Your message of "Sat, 22 Jul 2000 10:14:35 EDT." <Pine.BSF.4.21.0007221011110.27690-100000@green.dyndns.org> 
References:  <Pine.BSF.4.21.0007221011110.27690-100000@green.dyndns.org> 

> On Sat, 22 Jul 2000, Louis A. Mamakos wrote:
> 
> > 
> > Another source of noise could be via the RF tuner in a video capture
> > board.  You could get plenty 'o noise on both the audio output as
> > well as the noisy video fields when tuned to an unused channel. 
> 
> Remember that this approach is easily subverted.  An attacker can
> compromise your entropy by detecting what frequency you are tuned to
> and attack that frequency with predictable data.  A protection to
> this would be a good implementation of a spread-spectrum and
> spectrum-hopping RF tuner, but then you're relying on its PRNG for
> the data, really, and if it were that good you'd want to use it anyway ;)

Easily subverted by whom?  Since this isn't an FM detector, there is
no "capture" effect, and there are a considerable number of noise
sources to be overcome by an attacker with a transmitter trying to
saturate an AM (well, vestigial sideband) detector.

And that's assuming the tuner has actually been connected to an
antenna.  Further, even if it was, it's unclear that I'd characterize
this as "easily subverted"; assuming an attacker was generating NTSC
video on a channel, and it had good sync, and it was a fully saturated
black luminance signal, there's still going to be noise in the A/D
converter on the video capture card.

And that's assuming he in fact can detect the LO of the tuner, buried
inside the case of the computer along with a bunch of other oscillators,
and that you haven't just tuned to a random frequency before capturing
a frame of snow.  I would think that a broad-band jammer covering all
the broadcast (or cable for that matter) spectrum would be noticeable,
especially one as powerful as you postulate.

I think we're overestimating the extent of the threat.  Hell, an attacker
could fire a particle beam at phk's geiger counter and compromise it as well.
Or break into the facility and just steal the physical assets, rather 
than mucking about with all this complicated stuff.  If I was seriously
concerned about these sorts of attacks, then I'd spend a few thousand
dollars to address them.  As it is, I don't see the problem with
cranking in some perhaps "suspect" entropy data when the alternative
is doing nothing.

louie





