From owner-freebsd-current Fri Jul 21 9:51:57 2000
Delivered-To: freebsd-current@freebsd.org
Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47]) by hub.freebsd.org (Postfix) with ESMTP id 8371737BBBA; Fri, 21 Jul 2000 09:51:50 -0700 (PDT) (envelope-from jeroen@vangelderen.org)
Received: from vangelderen.org (grolsch.ai [209.88.68.214]) by cypherpunks.ai (Postfix) with ESMTP id A158152; Fri, 21 Jul 2000 12:51:48 -0400 (AST)
Message-ID: <39787FA4.A79BAE0B@vangelderen.org>
Date: Fri, 21 Jul 2000 12:51:48 -0400
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mark Murray
Cc: Kris Kennaway, current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
References: <200007211253.OAA00377@grimreaper.grondar.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mark Murray wrote:
>
> > > What about saving the state of the RNG and re-reading it on bootup? That
> > > will allow Yarrow to continue right where it left off. :-)
> >
> > That's a bad thing. You don't want someone to be able to examine the exact
> > PRNG state at next boot by looking at your hard disk after the machine has
> > shut down.
>
> It is a Yarrow-mandated procedure. Please read the Yarrow paper.

Actually, it's not. You do not want to save the exact PRNG state to disk,
ever. It's not Yarrow-mandated procedure but a big security hole.

That said, you do not write out the state of the PRNG, you write out a
couple of blocks of output from which the state cannot be derived. That
*is* okay and that's what you are doing. And just for completeness: it's
not mandatory to do so. I don't know where you read that in the paper.

> If they can do that, they have either the console (==root) or they have
> root. Either way, who cares what they know about your machine, they have
> the whole darn thing :-O.
Someone may well compromise your randomness source without you noticing.
And read your PGP mail for the coming couple of years because your PGP key
was compromised without you noticing. Perfect Trojan horse to write for the
FBI, IRS, anyone who doesn't like you. Oops.

Cheers,
Jeroen

--
Jeroen C. van Gelderen
jeroen@vangelderen.org
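The distinction the message draws (persist a couple of output blocks, never the generator's internal state), as an added example that is not part of the original thread or of FreeBSD's randomdev: the ToyGenerator, its HMAC-in-counter-mode construction, the reboot procedure and all names are constructed for illustration and are not Yarrow.

```python
import hashlib
import hmac


class ToyGenerator:
    """Constructed keyed generator (not Yarrow): the secret state is `key`;
    output block i is HMAC-SHA256(key, i), a one-way image of the state."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def block(self) -> bytes:
        msg = self.counter.to_bytes(8, "big")
        self.counter += 1
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def dump_state(self) -> tuple:
        # The hole: the exact internal state, written to disk at shutdown.
        return (self.key, self.counter)

    def seed_file(self, blocks: int = 2) -> bytes:
        # What the email describes as acceptable: a couple of output blocks,
        # from which `key` cannot be recovered without inverting HMAC-SHA256.
        return b"".join(self.block() for _ in range(blocks))

def replay_from_state(state: tuple, n: int) -> list:
    """Someone holding the dumped state regenerates the session's output
    from block 0, i.e. everything the machine handed out before shutdown."""
    key, _counter = state
    g = ToyGenerator(key)
    return [g.block() for _ in range(n)]

def reboot_from_seed_file(seed: bytes, fresh_entropy: bytes) -> ToyGenerator:
    """Next boot (assumed procedure): hash the seed file with whatever fresh
    entropy exists into a new key; the old key never touched the disk."""
    return ToyGenerator(hashlib.sha256(seed + fresh_entropy).digest())

def demo() -> dict:
    g = ToyGenerator(b"\x11" * 32)             # constructed boot-time key
    session = [g.block() for _ in range(4)]    # e.g. keys issued while up
    state = g.dump_state()                     # bad: exact state on disk
    seed = g.seed_file()                       # ok: two output blocks on disk
    reborn = reboot_from_seed_file(seed, b"constructed fresh entropy")
    return {
        "state_replays_session": replay_from_state(state, 4) == session,
        "key_visible_in_seed_file": state[0] in seed,
        "next_boot_key_equals_old": reborn.key == state[0],
        "seed_file_bytes": len(seed),
    }
```

The dumped state lets the whole pre-shutdown stream be regenerated, while the seed file exposes neither the old key nor the next boot's key.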