lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 02 Aug 2010 00:52:51 +0200
From:	Christoph Anton Mitterer <calestyo@...entia.net>
To:	Matt Mackall <mpm@...enic.com>
Cc:	Henrique de Moraes Holschuh <hmh@...ian.org>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Theodore Ts'o <tytso@....edu>, linux-kernel@...r.kernel.org
Subject: Re: [Pkg-sysvinit-devel] Bug#587665: Safety of early boot init of
 /dev/random seed

Hey Matt...

May I ask you a follow-up question on that,... which is however not so
much Debian-init-related, I guess.


On Mon, 2010-07-05 at 13:40 -0500, Matt Mackall wrote:
> > > 1. How much data of unknown quality can we feed the random pool at boot,
> > >    before it causes damage (i.e. what is the threshold where we violate the
> > >    "you are not goint to be any worse than you were before" rule) ?
> 
> There is no limit. The mixing operations are computationally reversible,
> which guarantees that no unknown degrees of freedom are clobbered when
> mixing known data.
> 
> > > 2. How dangerous it is to feed the pool with stale seed data in the next
> > >    boot (i.e. in a failure mode where we do not regenerate the seed file) ?
> 
> Not at all.

Are the above to statements also true for possibly "evil" random data?


I mean the seed file (as in Debian) is already from the kernel's PRNG,
right? So that shouldn't contain evil and special crafted data in order
to weak the PRNG.

Working with a Gird-CA for the LHC - we're always interested in nice
tokens like:
http://www.entropykey.co.uk/

Unfortunately it's never really clear how well their contribution would
actually be.... and the paranoid below us could even believe, that
mighty government organisations have such devices hacked in order to
harm our crypto ;)


Thanks,
Chris.

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5677 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ