lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200507051500.j65F0ROf007491@caligula.anu.edu.au>
Date: Wed, 6 Jul 2005 01:00:27 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: exon@...e.se (exon)
Cc: bugtraq@...urityfocus.com
Subject: Re: /dev/random is probably not


In some mail from exon, sie said:
>   * If this estimate goes to zero, the routine can still generate
>   * random numbers; however, an attacker may (at least in theory) be
>   * able to infer the future output of the generator from prior
>   * outputs.  This requires successful cryptanalysis of SHA, which is
>   * not believed to be feasible, but there is a remote possibility.
>   * Nonetheless, these numbers should be useful for the vast majority
>   * of purposes.

> Judging by nmap evaluation of the ip-stack, OpenBSD and FreeBSD have 
> very strong PRNG's as well. I haven't got access to a NetBSD system to 
> test with.

nmap is not a good measure of this problem.

Linux cited using keyboard interrupts.  How many of those happen on
a web server in a rack, in an air conditioned computer room somewhere ?
How many happen when you open up your web browser and select your
internet banking web site from your bookmarks?

The original email pointed out that disk seek times may not be quite
as random as previously thought, especially with compact flash and
similar mediums.

In the case of polled I/O (for 1Gb+ NICs), is there any entropy
gained from network IRQ serving?

What the original article was getting at is that perhaps not all of
the information you think of as random information going into your
PRNG is actually random.  If that happens then even though the
output of the PRNG "looks random", it may be predictable.

Darren


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ