lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100802041321.GB6863@khazad-dum.debian.net>
Date:	Mon, 2 Aug 2010 01:13:21 -0300
From:	Henrique de Moraes Holschuh <hmh@....eng.br>
To:	Christoph Anton Mitterer <calestyo@...entia.net>
Cc:	Matt Mackall <mpm@...enic.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Theodore Ts'o <tytso@....edu>, linux-kernel@...r.kernel.org
Subject: Re: [Pkg-sysvinit-devel] Bug#587665: Safety of early boot init of
 /dev/random seed

On Mon, 02 Aug 2010, Christoph Anton Mitterer wrote:
> > > > 2. How dangerous it is to feed the pool with stale seed data in the next
> > > >    boot (i.e. in a failure mode where we do not regenerate the seed file) ?
> > 
> > Not at all.
> 
> Are the above to statements also true for possibly "evil" random data?

Yes.  I think you could consider that seeding with evil data does as much
damage as not seeding at all.

Unless there is a big bad bug somewhere, in which case we'd very much like
to know about it ;-)

> Working with a Gird-CA for the LHC - we're always interested in nice
> tokens like:
> http://www.entropykey.co.uk/
> 
> Unfortunately it's never really clear how well their contribution would
> actually be.... and the paranoid below us could even believe, that
> mighty government organisations have such devices hacked in order to
> harm our crypto ;)

Well, if you overestimate the entropy that thing will output, it might cause
harm.  If it has a self-sabotage device that is intelligent enough not to
fail the tests done by the application that feeds entropy to the kernel, it
might cause harm.  The list goes on and on...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ