Date:      Fri, 21 Jul 2000 21:23:53 +0200
From:      Mark Murray <mark@grondar.za>
To:        "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
Cc:        current@FreeBSD.ORG
Subject:   Re: randomdev entropy gathering is really weak 
Message-ID:  <200007211923.VAA00707@grimreaper.grondar.za>
In-Reply-To: <39787FA4.A79BAE0B@vangelderen.org> ; from "Jeroen C. van Gelderen" <jeroen@vangelderen.org>  "Fri, 21 Jul 2000 12:51:48 -0400."
References:  <39787FA4.A79BAE0B@vangelderen.org> 

> > It is a Yarrow-mandated procedure. Please read the Yarrow paper.
> 
> Actually, it's not. You do not want to save the exact 
> PRNG state to disk, ever. It's not Yarrow mandated 
> procedure but a big security hole. 

Section 2.1, last paragraph:
"If a system is shut down, and restarted, it is desirable to store some
high-entropy data (such as the key) in non-volatile memory. This allows
the PRNG to be restarted in an unguessable state at the next restart. We
call this data the reseed file."

Perhaps "mandated" was a bit strong; "desired" might be better.

> That said, you do not write out the state of the PRNG,
> you write out a couple of blocks of output from which 
> the state cannot be derived. That *is* okay and that's
> what you are doing. 

Writing the 256-bit key would have been OK according to the paper.

> And just for completeness: it's not mandatory to do so.
> I don't know where you read that in the paper.

See above.

> > If they can do that, they have either the console (==root) or they have
> > root. Either way, who cares what they know about your machine, they have
> > the whole darn thing :-O.
> 
> Someone may well compromise your randomness source without 
> you noticing. And read your PGP mail for the coming couple 
> of years because your PGP key was compromised without you 
> noticing. Perfect Trojan horse to write for the FBI, IRS,
> anyone who doesn't like you. Oops.

Sure; we need to be appropriately paranoid about that, but let's not
get ridiculous. The seed file could certainly use some decent protection,
but unfortunately, PC architectures don't come with SIMcards or the like.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
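The two points the thread agrees on (the seed file holds a couple of blocks of generator output, never the key, and the file itself deserves protection) as an added user-space model written for this archive page. It is not FreeBSD's randomdev code: `ToyGenerator`, `write_seed_file`, `load_seed_file`, the 0600 mode check and the two-block file layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Constructed layout (an assumption of this example, not FreeBSD's): two
# 256-bit output blocks, the "couple of blocks of output" from the thread.
BLOCK_BYTES = 32
SEED_FILE_BLOCKS = 2


class ToyGenerator:
    """Stand-in for a Yarrow-style generator: 256-bit key K plus a counter,
    output block i = HMAC-SHA256(K, i).  Deriving K from written-out blocks
    would mean inverting HMAC, which is why output (not K) may go to disk."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def output_block(self) -> bytes:
        msg = self.counter.to_bytes(8, "big")
        self.counter += 1
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def reseed(self, material: bytes) -> None:
        # Fold the material into a fresh key; the old key is discarded.
        self.key = hashlib.sha256(b"reseed:" + self.key + material).digest()
        self.counter = 0


def write_seed_file(path: str, gen: ToyGenerator) -> bytes:
    """Store fresh generator output in a 0600 file, written to a temp file
    and renamed so a crash never leaves a truncated or readable seed."""
    data = b"".join(gen.output_block() for _ in range(SEED_FILE_BLOCKS))
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".seed.", dir=directory)  # mode 0600
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic replacement of the previous seed
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return data


def load_seed_file(path: str, gen: ToyGenerator) -> bytes:
    """Boot-time path: refuse a seed file that is not a regular 0600 file we
    own, mix it into the generator, then overwrite it at once so the same
    seed is never reused across two boots."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("seed file must be a regular file (no symlink/device)")
    if st.st_uid != os.geteuid() or (st.st_mode & 0o077):
        raise PermissionError("seed file must be owned by us with mode 0600")
    with open(path, "rb") as f:
        data = f.read()
    if len(data) != BLOCK_BYTES * SEED_FILE_BLOCKS:
        raise ValueError("seed file has unexpected length; treating as corrupt")
    gen.reseed(data)
    write_seed_file(path, gen)  # rotate immediately after use
    return data


def demo_round_trip() -> dict:
    """Shutdown/reboot cycle on a constructed fixed key; returns what an
    observer of the disk would see versus what the generator holds."""
    key_before = b"\x01" * BLOCK_BYTES  # constructed, reproducible key
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "entropy")
        saved = write_seed_file(path, ToyGenerator(key_before))
        mode = stat.S_IMODE(os.stat(path).st_mode)
        booted = ToyGenerator(bytes(BLOCK_BYTES))  # weak known state at boot
        loaded = load_seed_file(path, booted)
        with open(path, "rb") as f:
            rotated = f.read()
    return {"saved": saved, "mode": mode, "loaded": loaded, "rotated": rotated,
            "key_on_disk": key_before in saved, "booted_key": booted.key}


def demo_rejects_loose_permissions() -> bool:
    """Constructed failure case: a seed file other users could read."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "entropy")
        with open(path, "wb") as f:
            f.write(bytes(BLOCK_BYTES * SEED_FILE_BLOCKS))
        os.chmod(path, 0o644)
        try:
            load_seed_file(path, ToyGenerator(bytes(BLOCK_BYTES)))
        except PermissionError:
            return True
        return False


if __name__ == "__main__":
    r = demo_round_trip()
    print("mode %o, key on disk: %s, rotated: %s" %
          (r["mode"], r["key_on_disk"], r["rotated"] != r["saved"]))
    print("loose permissions rejected:", demo_rejects_loose_permissions())
```

The defender-side checks are the ones in `load_seed_file`: ownership and mode, a regular file rather than a symlink, an exact length, and rotation of the file the moment it has been consumed. None of that makes the seed file a substitute for the tamper-resistant storage the reply above wishes PCs had; it only narrows who can read or replace the file to whoever already controls the owning account.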

