lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050705164514.GG11643@randombit.net>
Date: Tue, 5 Jul 2005 12:45:14 -0400
From: Jack Lloyd <lloyd@...dombit.net>
To: bugtraq@...urityfocus.com
Subject: Re: /dev/random is probably not


On Sun, Jul 03, 2005 at 12:39:30PM -0700, Zow Terry Brugger wrote:

> It's been a while since I looked at the /dev/random design on Linux (probably 
> the early 2.4 days), however one thing that was quite clear was that they did 
> not use any network I/O as entropy sources because an attacker, particularly 
> one that already had control of other machines on the same LAN segment, could 
> have a high degree of control over that source. I would be most interested if 
> that has changed since the last time I looked at it.

ISTR that grsecurity has toggles that enable gathering entropy from network
traffic. Assuming the PRNG is any good, it shouldn't matter if an attacker can
manipulate such timings, because (by definition) a good PRNG will still behave
correctly even if an attacker does feed it lots of deliberately bad data (as
long as the PRNG also has been fed with a sufficient amount of unguessable
'good' input as well, of course).

[...]
> >    Windows family OSs.
> 
> All I can observe here is that F-secure SSH still (at least the most recent 
> version I've used) collects its own entropy when running on Win2K, which 
> indicates to me that either they want to operate the same on all Windows 
> versions (as memory serves, Win95/98 does not have a RNG), or that Win2k does 
> not have a suitable RNG.

Only Win95 pre OSR2 is missing CryptoAPI (and specifically CryptGenRandom).
However, it's my understanding that early versions of CryptGenRandom were not
that great.

-Jack


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ