Open Source and information security mailing list archives
Date: Wed, 6 Jul 2005 01:00:27 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: exon@...e.se (exon)
Cc: bugtraq@...urityfocus.com
Subject: Re: /dev/random is probably not


In some mail from exon, sie said:
>   * If this estimate goes to zero, the routine can still generate
>   * random numbers; however, an attacker may (at least in theory) be
>   * able to infer the future output of the generator from prior
>   * outputs.  This requires successful cryptanalysis of SHA, which is
>   * not believed to be feasible, but there is a remote possibility.
>   * Nonetheless, these numbers should be useful for the vast majority
>   * of purposes.

> Judging by nmap evaluation of the ip-stack, OpenBSD and FreeBSD have 
> very strong PRNGs as well. I haven't got access to a NetBSD system to 
> test with.

nmap is not a good measure of this problem.

Linux cited using keyboard interrupts.  How many of those happen on
a web server in a rack, in an air-conditioned computer room somewhere?
How many happen when you open up your web browser and select your
internet banking web site from your bookmarks?

The original email pointed out that disk seek times may not be quite
as random as previously thought, especially with compact flash and
similar media.

In the case of polled I/O (for 1Gb+ NICs), is there any entropy
gained from network IRQ serving?

What the original article was getting at is that perhaps not all of
the information you think of as random information going into your
PRNG is actually random.  If that happens, then even though the
output of the PRNG "looks random", it may be predictable.

Darren
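The following is an added example, not part of Darren's post or of any kernel's random.c. It models the situation he describes with a toy hash-based entropy pool: the mixing and extraction functions, the event values and the "idle rack server" interrupt model are all assumptions chosen for illustration. It shows that output produced by hashing a pool passes a naive "looks random" check regardless of how much entropy went in, and that when the real input space is small an attacker who knows the mixing algorithm can enumerate it, recover the pool state from one observed output and predict the next one, with no cryptanalysis of SHA at all.

```python
"""
Added example (not from the original Bugtraq post or from Linux random.c):
a toy entropy pool whose inputs are interrupt timings with almost no
entropy.  Hashing makes the output look random; enumerating the tiny
input space makes it predictable anyway.
"""
import hashlib
import itertools
import math
import random
from collections import Counter

# Constructed input model (hypothetical numbers): on an idle rack server the
# only events mixed in are periodic interrupts whose timing deltas take one
# of four values, i.e. 2 bits of entropy per event.
IDLE_JITTER = (0x10, 0x11, 0x12, 0x13)
N_EVENTS = 8          # events mixed before the first read: 4**8 = 65536 states


class ToyPool:
    """Assumed pool design: state = H(state || event); output = H("out" || state)."""

    def __init__(self) -> None:
        self.state = bytes(32)

    def mix(self, event: int) -> None:
        self.state = hashlib.sha256(self.state + event.to_bytes(8, "big")).digest()

    def extract(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()
        # Ratchet the state so one output does not directly reveal it.
        self.state = hashlib.sha256(b"fwd" + self.state).digest()
        return out


def looks_random(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (8.0 is ideal).
    This is the kind of check that cannot tell a starved pool from a full one."""
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def attacker_predict(first_output: bytes, candidates, n_events: int):
    """Enumerate every event sequence the starved source could have produced,
    find the one that reproduces the observed output, and return the pool's
    *next* output.  Returns None if the search space does not contain it."""
    for seq in itertools.product(candidates, repeat=n_events):
        p = ToyPool()
        for e in seq:
            p.mix(e)
        if p.extract() == first_output:
            return p.extract()
    return None


def run_demo(seed: int = 1) -> dict:
    rng = random.Random(seed)                       # constructed event trace
    events = [rng.choice(IDLE_JITTER) for _ in range(N_EVENTS)]
    victim = ToyPool()
    for e in events:
        victim.mix(e)
    first = victim.extract()                        # e.g. a value the attacker sees
    second = victim.extract()                       # the value the attacker wants
    stream = b"".join(victim.extract() for _ in range(256))   # 8 KiB of output
    return {
        "entropy_estimate": looks_random(stream),   # close to 8.0: passes the check
        "search_space_bits": N_EVENTS * math.log2(len(IDLE_JITTER)),   # 16 bits
        "predicted_next": attacker_predict(first, IDLE_JITTER, N_EVENTS),
        "actual_next": second,
    }


if __name__ == "__main__":
    r = run_demo()
    print(f"output stream looks random: {r['entropy_estimate']:.2f} bits/byte")
    print(f"attacker search space: 2^{r['search_space_bits']:.0f} pool states")
    print("next output predicted correctly:",
          r["predicted_next"] == r["actual_next"])
```

The histogram check reports roughly 7.95 bits per byte for the starved pool, the same as it would for a pool fed genuine entropy, because SHA-256 output is uniform whatever the input. What protects a real pool is not the hash but the size of the input space the attacker has to search: raise the per-event entropy or the number of independent events and `attacker_predict` stops being feasible, while the output statistics do not change at all.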