From owner-freebsd-current Fri Jul 21 8:58:55 2000
Delivered-To: freebsd-current@freebsd.org
Received: from spirit.jaded.net (shortbus.jaded.net [216.94.132.8]) by hub.freebsd.org (Postfix) with ESMTP id 8DC8B37BCAC; Fri, 21 Jul 2000 08:58:51 -0700 (PDT) (envelope-from dan@spirit.jaded.net)
Received: (from dan@localhost) by spirit.jaded.net (8.9.3/8.9.3) id LAA00864; Fri, 21 Jul 2000 11:58:46 -0400 (EDT) (envelope-from dan)
Date: Fri, 21 Jul 2000 11:58:46 -0400
From: Dan Moschuk
To: Kris Kennaway
Cc: Mark Murray , current@FreeBSD.org
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <20000721115846.C489@spirit.jaded.net>
References: <20000718103729.A1221@spirit.jaded.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: ; from kris@FreeBSD.org on Fri, Jul 21, 2000 at 03:46:31AM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

| > | Gotcha - fix coming; I need to stash some randomness at shutdown time, and
| > | use that to reseed the RNG at reboot time.
| >
| > What about saving the state of the RNG and re-reading it on bootup? That
| > will allow Yarrow to continue right where it left off. :-)
|
| That's a bad thing. You don't want someone to be able to examine the exact
| PRNG state at next boot by looking at your hard disk after the machine has
| shut down.

I don't see how. If the attacker has physical access to the machine, there
are plenty worse things to be done than just reading the state of a PRNG.

If the random device is initialized in single user mode, and the file is then
unlink()ed, I don't see any problems with that.

-Dan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
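The two reseeding schemes argued over above, as an added Python sketch that is not part of this thread and not FreeBSD's randomdev or Yarrow code: a toy hash-based generator stands in for Yarrow, "random.state" and "random.seed" are made-up file names, and the "interrupt timings" string is a constructed stand-in for whatever entropy the booting kernel has gathered. Scheme 1 dumps the exact generator state to disk and reloads it; scheme 2 stashes some generator output at shutdown, folds it into a reseed together with boot-time entropy, and rotates the file before any output is served.

```python
import hashlib
import os
import tempfile


# Toy hash-based generator standing in for Yarrow: output block i is
# SHA-256(state || i).  It is fully determined by its state, which is the
# crux of the disagreement: whoever holds the state reproduces every output.
class ToyDrbg:
    def __init__(self, state: bytes, counter: int = 0):
        self.state = state
        self.counter = counter

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        return out[:n]

    def export_state(self) -> bytes:
        return self.state + self.counter.to_bytes(8, "big")

    @classmethod
    def from_state(cls, blob: bytes) -> "ToyDrbg":
        return cls(blob[:32], int.from_bytes(blob[32:], "big"))


def _write_private(path: str, data: bytes) -> None:
    # Create/truncate with mode 0600: the file must never be world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


# Scheme 1 (the reply's proposal): save the exact state, reload it at boot.
def save_raw_state(drbg: ToyDrbg, path: str) -> None:
    _write_private(path, drbg.export_state())


def restore_raw_state(path: str) -> ToyDrbg:
    with open(path, "rb") as f:
        return ToyDrbg.from_state(f.read())


# Scheme 2 (Mark's "stash some randomness"): save generator output, not
# state, and use it only as one input to a reseed that also takes whatever
# entropy the booting kernel has gathered.
def save_seed(drbg: ToyDrbg, path: str, nbytes: int = 32) -> None:
    _write_private(path, drbg.read(nbytes))


def reseed_from_file(path: str, fresh_entropy: bytes) -> ToyDrbg:
    with open(path, "rb") as f:
        seed = f.read()
    new = ToyDrbg(hashlib.sha256(b"reseed" + seed + fresh_entropy).digest())
    # Rotate the file before handing out any output, so what sits on disk is
    # never the exact input of the state currently in use.
    _write_private(path, new.read(len(seed)))
    return new


def attacker_from_leaked_seed(seed: bytes) -> ToyDrbg:
    # Attacker who imaged the disk: knows the seed file and the mixing
    # function, but not the boot-time entropy (modelled as empty here).
    return ToyDrbg(hashlib.sha256(b"reseed" + seed + b"").digest())


def demo() -> dict:
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        state_path = os.path.join(tmp, "random.state")  # assumed name
        seed_path = os.path.join(tmp, "random.seed")    # assumed name
        running = ToyDrbg(b"\x42" * 32)                 # constructed initial state

        # Scheme 1: the disk image *is* the post-boot generator.
        save_raw_state(running, state_path)
        imaged = restore_raw_state(state_path)    # attacker's copy
        rebooted = restore_raw_state(state_path)  # kernel's copy after boot
        results["raw_state_predictable"] = imaged.read(32) == rebooted.read(32)

        # Scheme 2: same leak, but boot mixes in entropy the image never had.
        save_seed(running, seed_path)
        with open(seed_path, "rb") as f:
            leaked = f.read()
        rebooted = reseed_from_file(seed_path, fresh_entropy=b"interrupt timings")  # constructed
        guess = attacker_from_leaked_seed(leaked)
        results["seed_file_predictable"] = guess.read(32) == rebooted.read(32)
        with open(seed_path, "rb") as f:
            results["seed_file_rotated"] = f.read() != leaked
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two caveats the sketch makes visible. First, scheme 2 only beats scheme 1 by as much unpredictability as the boot-time input adds; if the kernel's own entropy gathering is weak (the subject of this thread), an attacker holding the seed file is back to enumerating a small space. Second, unlink() drops the directory entry but does not overwrite the blocks, so "initialize then unlink" leaves the bytes recoverable from the raw disk; rotating the file before use, as the helper does, limits what a later read of those blocks is worth.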