| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Dec 2007 14:39:00 +1030 From: David Newall <david@...idnewall.com> To: Theodore Tso <tytso@....edu>, David Newall <david@...idnewall.com>, Andy Lutomirski <luto@...ealbox.com>, John Reiser <jreiser@...Wagon.com>, Matt Mackall <mpm@...enic.com>, linux-kernel@...r.kernel.org, security@...nel.org Subject: Re: /dev/urandom uses uninit bytes, leaks user data Theodore Tso wrote: > On Tue, Dec 18, 2007 at 01:43:28PM +1030, David Newall wrote: > >> On a server, keyboard and mouse are rarely used. As you've described it, >> that leaves only the disk, and during the boot process, disk accesses and >> timing are somewhat predictable. Whether this is sufficient to break the >> RNG is (clearly) a matter of debate. >> > > In normal operaiton, entropy is accumlated on the system, extracted > via /dev/urandom at shutdown, and then loaded back into the system > when it boots up. Thus, the entropy saved at shutdown can be known at boot-time. (You can examine the saved entropy on disk.) > If you have a server, the best thing you can do is use a hardware > random number generator, if it exists. Fortunately a number of > hardware platforms, such as IBM blades and Thinkpads, come with TPM > modules that include hardware RNG's. That's ultimately the best way > to solve these issues. Just how random are they? Do they turn out to be quite predictable if you're IBM? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists