lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20080523094821.4f11cdf9@wssyg114.sygroup-int.ch>
Date: Fri, 23 May 2008 09:48:21 +0200
From: Tonnerre Lombard <tonnerre.lombard@...roup.ch>
To: Michael Holstein <michael.holstein@...ohio.edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Working exploit for Debian generated SSH Keys

Salut, Michael,

On Tue, 20 May 2008 13:41:41 -0400, Michael Holstein wrote:
> Smoke Detector + Webcam = cheapo RNG

We were talking about PRNGs here, which are highly complex mathematical
constructs, not hardware RNGs, which are also slightly hairy though.
There are a couple of books on PRNG design, and even if you read them
you probably still need a couple of years to design a secure PRNG.

> I know some highly secure operations (eg: web casinos, using Geiger 
> counters and background radiation) use a version of this for their
> RNGs, and random.org does it with RF (radios listening to static) ..
> do patches exist for OpenSSL to use hardware devices? (short of a
> hack to take something like the above and pipe it to /dev/random,
> etc).

OpenSSL would probably be slightly the wrong place to do this. The BSD
systems tend to have kernel drivers for various hardware random
sources, XORing them into each other to eliminate the problem with weak
random sources. You can then distill this through the /dev/random
device. OpenSSL needs a build flag to make use of this additional
random material then, I think they add a certain amount of random
material to their MD on each iteration.

Please note that even hardware random sources are of quite varying
quality. Like you said, a Geiger counter provides you with quite
high-quality random numbers since, to our knowledge, quantum effects
are rather hard to predict. You can also use hard disk seek times as a
RNG source, but the quality is rather poor in this case, and you should
only use it in addition to other sources.

				Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33		Güterstrasse 86
Fax:+41 61 383 14 67		4053 Basel
Web:www.sygroup.ch		tonnerre.lombard@...roup.ch

Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ