Date: Fri, 21 Jul 2000 12:55:08 -0400
From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To: Dan Moschuk
Cc: Kris Kennaway, Mark Murray, current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <3978806C.8BD1EDD6@vangelderen.org>
References: <20000718103729.A1221@spirit.jaded.net> <20000721115846.C489@spirit.jaded.net>

Dan Moschuk wrote:
>
> | > | Gotcha - fix coming; I need to stash some randomness at shutdown time, and
> | > | use that to reseed the RNG at reboot time.
> | >
> | > What about saving the state of the RNG and re-reading it on bootup? That
> | > will allow Yarrow to continue right where it left off. :-)
> |
> | That's a bad thing. You don't want someone to be able to examine the exact
> | PRNG state at next boot by looking at your hard disk after the machine has
> | shut down.
>
> I don't see how. If the attacker has physical access to the machine, there
> are plenty worse things to be done than just reading the state of a PRNG.
>
> If the random device is initialized in single user mode, and the file is
> then unlink()ed, I don't see any problems with that.

You generate a new PGP keypair and start using it. Your co-worker reboots
your machine afterwards and recovers the PRNG state that happens to be
stashed on disk. He can then backtrack and potentially recover the exact
same random numbers that you used for your key.

Cheers,
Jeroen

--
Jeroen C. van Gelderen
jeroen@vangelderen.org
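The objection above (a raw generator state written to disk lets a later reader reconstruct earlier outputs) versus the fix Mark describes (stash some randomness and use it to reseed) can be shown with two toy generators. This is an added illustration, not code from this thread or from FreeBSD's randomdev/Yarrow; the generator designs, the class and function names (`InvertibleToyRNG`, `OneWayToyRNG`, `backtrack_outputs`, `make_seed_file`, `reseed_at_boot`) and the seed values are all constructed for the example. The first generator has a reversible state update, so a saved state yields every previous output; the second ratchets its state through a hash, and its seed file is an output of the generator that is mixed with fresh boot-time entropy rather than being loaded back as the state.

```python
"""Toy illustration of PRNG state-on-disk risk and seed-file handling.
Constructed example; not FreeBSD code and not a real CSPRNG design."""
import hashlib
from typing import List

MASK64 = (1 << 64) - 1
STEP = 0x9E3779B97F4A7C15  # odd constant: state += STEP is a bijection mod 2**64


def _h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenated parts (domain-separated by a label)."""
    return hashlib.sha256(b"".join(parts)).digest()


class InvertibleToyRNG:
    """Generator whose state update can be undone (state -= STEP).
    Output_i = H("out", state_i), so anyone who reads state_n from disk
    after shutdown can recompute output_n, output_{n-1}, ... in turn."""

    def __init__(self, seed: int) -> None:
        self.state = seed & MASK64

    def next_bytes(self) -> bytes:
        self.state = (self.state + STEP) & MASK64
        return _h(b"out", self.state.to_bytes(8, "big"))

    def export_state(self) -> int:
        """What a naive 'save the RNG state at shutdown' would write to disk."""
        return self.state


def backtrack_outputs(saved_state: int, count: int) -> List[bytes]:
    """From a state recovered off disk, rebuild the last `count` outputs
    (oldest first). Works only because the state update is invertible;
    this is the backtracking the thread warns about."""
    outputs = []
    state = saved_state
    for _ in range(count):
        outputs.append(_h(b"out", state.to_bytes(8, "big")))
        state = (state - STEP) & MASK64  # undo one step
    return list(reversed(outputs))


class OneWayToyRNG:
    """Generator whose state is ratcheted through a hash after every output.
    A state read off disk after shutdown does not reveal earlier states,
    so earlier outputs (the PGP key in the example) are not recoverable."""

    def __init__(self, seed: bytes) -> None:
        self.state = _h(b"seed", seed)

    def next_bytes(self) -> bytes:
        out = _h(b"out", self.state)
        self.state = _h(b"st", self.state)  # one-way step; cannot be reversed
        return out

    def export_state(self) -> bytes:
        return self.state


def make_seed_file(rng: OneWayToyRNG) -> bytes:
    """Shutdown: persist an *output* of the generator, never its raw state."""
    return rng.next_bytes()


def reseed_at_boot(seed_file: bytes, fresh_entropy: bytes) -> OneWayToyRNG:
    """Boot: fold the seed file together with entropy gathered at boot.
    The file alone no longer determines the new state, so a copy of it
    (or a file that was not unlinked in time) is far less useful."""
    return OneWayToyRNG(_h(b"boot", seed_file, fresh_entropy))
```

With the invertible generator, `backtrack_outputs` reproduces the key material generated before the state was saved; with the ratcheting generator, the exported state is unrelated to any earlier output, and two boots that mix the same seed file with different fresh entropy diverge immediately. Overwriting and unlinking the seed file after it is consumed, as suggested in the thread, still matters: a leaked seed file combined with weak boot entropy would narrow the search considerably.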