lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Dec 2007 13:30:35 -0500 From: Phillip Susi <psusi@....rr.com> To: Andrew Lutomirski <luto@...ealbox.com> CC: Theodore Tso <tytso@....edu>, David Newall <david@...idnewall.com>, John Reiser <jreiser@...wagon.com>, Matt Mackall <mpm@...enic.com>, linux-kernel@...r.kernel.org, security@...nel.org Subject: Re: /dev/urandom uses uninit bytes, leaks user data Andrew Lutomirski wrote: > No, it's there, and if there's little enough entropy around it can be > recovered by brute force. A little entropy is enough to prevent a brute force attack. You would have to have ZERO entropy after a cold boot so the attacker would know exactly the contents of the pool, AND know that one and ONLY one other task has read from /dev/urandom, AND exactly what time that task did so, AND how many bytes it read. Only then could the attacker read from urandom and based on those bytes and the previous known pool state, brute force the 3 bytes that came from some unknown location in the other task's memory. >>> Step 1: Boot a system without a usable entropy source. >>> Step 2: add some (predictable) "entropy" from userspace which isn't a >>> multiple of 4, so up to three extra bytes get added. >>> Step 3: Read a few bytes of /dev/random and send them over the network. >> Only root can do 1 and 2, at which point, it's already game over. > > Again, no. Root could do this accidentally. Step 1 happens all the > time (see the comments on non-unique UUIDs). Step 2 just requires a It does not happen all the time. It happens on a system that has just been cold booted from read only distribution media with a broken cmos clock, no user keyboard interaction, and no hardware rng and that's it. Every other system is going to have some entropy from the last boot at least. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists