Theodore Tso wrote:
> On Mon, Dec 17, 2007 at 07:52:53PM -0500, Andy Lutomirski wrote:
>> It runs on a freshly booted machine (no
>> DSA involved, so we're not automatically hosed), so an attacker knows the
>> initial pool state.
>
> Not just a freshly booted system. The system has to be a freshly
> booted, AND freshly installed system. Normally you mix in a random
> seed at boot time. And during the boot sequence, the block I/O will
> be mixing randomness into the entropy pool, and as the user logs in,
> the keyboard and mouse will be mixing more entropy into the pool. So
> you'll have to assume that all entropy inputs have somehow been
> disabled as well.

On a server, keyboard and mouse are rarely used. As you've described
it, that leaves only the disk, and during the boot process, disk
accesses and timing are somewhat predictable. Whether this is
sufficient to break the RNG is (clearly) a matter of debate.
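The distinction the two posters are arguing over (a freshly booted system versus a freshly booted AND freshly installed one, with only predictable disk I/O feeding the pool) can be made concrete with a toy model. The following is an added example written for this thread, not code from the Linux kernel or from either poster: `ToyPool` is a hypothetical one-hash-chain stand-in for the real entropy pool, and the disk and keyboard events are constructed sample values, not captured kernel data. It shows that when no saved seed exists and every input repeats from boot to boot, two boots produce the same output; that mixing in a seed saved at the previous shutdown removes that property; and that a single input whose timing is not repeatable does the same.

```python
"""Toy model of how a boot-time entropy pool is seeded.

Added illustration, not the kernel's random.c: the pool is a single
SHA-256 chain, and every "event" below is a constructed sample value.
"""
import hashlib
from typing import Iterable, Optional


class ToyPool:
    """Hypothetical stand-in for the kernel pool: state <- SHA-256(state || input)."""

    def __init__(self) -> None:
        # Freshly installed AND freshly booted: the state is a public constant.
        self.state = b"\x00" * 32

    def mix(self, data: bytes) -> None:
        """Fold one input into the pool state."""
        self.state = hashlib.sha256(self.state + data).digest()

    def read(self, n: int = 16) -> bytes:
        """Return n output bytes and advance the state so outputs don't repeat."""
        out = hashlib.sha256(b"output" + self.state).digest()[:n]
        self.mix(b"output-consumed")
        return out


# Constructed sample: block-I/O events of an unattended server boot, whose
# timings come out close to identical on every boot of the same image.
PREDICTABLE_DISK_EVENTS = [
    b"blk:sda:read:sector=2048:t=1203",
    b"blk:sda:read:sector=8192:t=1207",
    b"blk:sda:read:sector=16384:t=1215",
]
# Constructed sample: one keystroke, whose timing does not repeat across boots.
KEYSTROKE_EVENT = b"input:kbd:key=0x1c:t=48831"


def boot(seed_file: Optional[bytes], events: Iterable[bytes]) -> ToyPool:
    """Simulate one boot: mix the saved seed (if any), then the boot events."""
    pool = ToyPool()
    if seed_file is not None:
        pool.mix(seed_file)  # what an init script does with the seed file
    for ev in events:
        pool.mix(ev)
    return pool


def save_seed(pool: ToyPool) -> bytes:
    """What a shutdown script stores for the next boot to mix in."""
    return pool.read(32)


def same_output(a: ToyPool, b: ToyPool) -> bool:
    """True if the two pools hand out the same next output block."""
    return a.read() == b.read()


def fresh_install_is_reproducible() -> bool:
    """No seed file yet and only predictable disk I/O: two boots agree byte for byte."""
    return same_output(boot(None, PREDICTABLE_DISK_EVENTS),
                       boot(None, PREDICTABLE_DISK_EVENTS))


def saved_seed_breaks_reproducibility() -> bool:
    """Once a shutdown has saved a seed, a boot that mixes it diverges from one that doesn't."""
    first = boot(None, PREDICTABLE_DISK_EVENTS)
    seed = save_seed(first)
    second = boot(seed, PREDICTABLE_DISK_EVENTS)
    without_seed = boot(None, PREDICTABLE_DISK_EVENTS)
    return not same_output(second, without_seed)


def single_unpredictable_event_suffices() -> bool:
    """One input with non-repeating timing changes every later output."""
    with_key = boot(None, PREDICTABLE_DISK_EVENTS + [KEYSTROKE_EVENT])
    without = boot(None, PREDICTABLE_DISK_EVENTS)
    return not same_output(with_key, without)


if __name__ == "__main__":
    print("fresh install, disk only, reproducible:", fresh_install_is_reproducible())
    print("saved seed breaks reproducibility:", saved_seed_breaks_reproducibility())
    print("one unpredictable event breaks it:", single_unpredictable_event_suffices())
```

The model only makes the thread's logic visible: the output is reconstructable from public inputs exactly when there is no seed file to mix in and every remaining input repeats, which is why the mitigation on the kernel side is to save a seed at shutdown and restore it at boot, and why a server that never sees keyboard or mouse input depends on that seed file existing and being refreshed. The real pool's mixing function and output path differ from this hash chain; the dependence on the inputs is what the example is about.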