Date: Fri, 21 Jul 2000 18:54:54 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Mark Murray <mark@grondar.za> Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <Pine.BSF.4.21.0007211849570.68809-100000@freefall.freebsd.org> In-Reply-To: <200007211923.VAA00707@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 21 Jul 2000, Mark Murray wrote:
> Section 2.1, last paragraph:
> "If a system is shut down, and restarted, it is desirable to store some
> high-entropy data (such as the key) in non-volatile memory. This allows
> the PRNG to be restarted in an unguessable state at the next restart. We
> call this data the reseed file."
I'm all for storing a sample at shutdown and using it to help seed the
PRNG at startup, but it shouldn't be the only seed used (for example, the
case where the system has never been shut down (cleanly) before and so has
no pre-existing seed file is a BIG corner case to consider since thats how
the system is at the time it first generates SSH keys after a fresh
install).
It might be only an academic vulnerability, but if someone can read your
HD during the time the system is shut down then I'd prefer them not to
know the precise state when the system next starts up again. Yes, if they
can read they can probably also write, but it seems like a mistake when
there's nothing really gained by saving the complete state, as opposed to
an extract.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007211849570.68809-100000>