lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 19 Dec 2007 17:40:45 -0500
From:	Bill Davidsen <davidsen@....com>
To:	David Newall <david@...idnewall.com>
CC:	Theodore Tso <tytso@....edu>, Andy Lutomirski <luto@...ealbox.com>,
	John Reiser <jreiser@...Wagon.com>,
	Matt Mackall <mpm@...enic.com>,
	Linux Kernel mailing List <linux-kernel@...r.kernel.org>
Subject: Re: /dev/urandom uses uninit bytes, leaks user data

David Newall wrote:
> Theodore Tso wrote:
>> On Tue, Dec 18, 2007 at 01:43:28PM +1030, David Newall wrote:
>>  
>>> On a server, keyboard and mouse are rarely used.  As you've described 
>>> it, that leaves only the disk, and during the boot process, disk 
>>> accesses and timing are somewhat predictable.  Whether this is 
>>> sufficient to break the RNG is (clearly) a matter of debate.
>>>     
>>
>> In normal operaiton, entropy is accumlated on the system, extracted
>> via /dev/urandom at shutdown, and then loaded back into the system
>> when it boots up.
> 
> Thus, the entropy saved at shutdown can be known at boot-time.  (You can 
> examine the saved entropy on disk.)
> 
> 
>> If you have a server, the best thing you can do is use a hardware
>> random number generator, if it exists.  Fortunately a number of
>> hardware platforms, such as IBM blades and Thinkpads, come with TPM
>> modules that include hardware RNG's.  That's ultimately the best way
>> to solve these issues.
> 
> Just how random are they?  Do they turn out to be quite predictable if 
> you're IBM?

The typical RNG is a noise diode or other similar hardware using thermal 
noise, so it's unlikely that anyone but God could predict it. There are 
some USB devices which supposedly use radioactive decay, I'm unsure if 
that's better but I don't want to carry the dongle in my pants pocket. 
The hotbits network site uses radioactive decay to generate it's numbers.

-- 
Bill Davidsen <davidsen@....com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ