[145533] in cryptography@c2.net mail archive
Re: init.d/urandom : saving random-seed
daemon@ATHENA.MIT.EDU (Guus Sliepen)
Sat Jul 31 18:06:37 2010
Date: Sat, 31 Jul 2010 19:25:50 +0200
From: Guus Sliepen <guus@sliepen.org>
To: Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Guus Sliepen <guus@sliepen.org>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <4C540F26.7090608@av8n.com>
On Sat, Jul 31, 2010 at 04:55:18AM -0700, John Denker wrote:
> > 2. How dangerous it is to feed the pool with stale seed data in the next
> > boot (i.e. in a failure mode where we do not regenerate the seed file) ?
[...]
> Now, to answer the question: A random-seed file should never be reused.
> Never ever.
>
> Reusing the random-seed file makes the PRNG very much worse than it would
> otherwise be. By way of illustration, suppose you are using the computer
> to help you play "battleship" or "go fish" against a ten-year-old opponent.
> If you use the same 'random' numbers after every reboot, the opponent is
> going to notice. You are going to lose. In more-demanding situations,
> against an opponent with more skill and more motivation, you are going to
> lose even more miserably.
I do not think replaying a "stale" seed file at boot is any worse than not
replaying that file. The real issue is how to ensure a fresh seed file.
However, looking at Debian's /etc/init.d/urandom, right after writing the seed
file to /dev/urandom, it immediately creates a new one by reading from the
freshly seeded /dev/urandom again. There is a comment right above that section
in the script: "Hm, why is the saved pool re-created at boot? [pere
2009-09-03]". Of course that is to ensure there is always a fresh seed file,
even if the system crashes and cannot write a new seed file at shutdown time.
-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@debian.org>
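The boot-time sequence described in the reply (write the saved seed into /dev/urandom, then immediately create a new seed file from the reseeded device so a crash at shutdown never leaves a stale seed to be replayed), as an added example. This is not Debian's actual init script; the seed-file path, the 512-byte size, the URANDOM_DEV variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Debian's /etc/init.d/urandom. Paths and sizes are constructed.

: "${URANDOM_DEV:=/dev/urandom}"   # assumption: a Linux-style writable urandom device
POOLSIZE=512                        # bytes to keep in the seed file (constructed value)

# Write a fresh seed file with restrictive permissions and an atomic rename,
# so a crash mid-write never leaves a truncated or world-readable seed behind.
save_seed() {
    seed_file=$1
    tmp="$seed_file.tmp.$$"
    ( umask 077; head -c "$POOLSIZE" "$URANDOM_DEV" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$seed_file"
}

# Boot-time path: feed the saved seed into the pool, then replace the file
# right away. The old bytes are "spent" the moment they are written, so even
# if the shutdown path never runs, the next boot gets different bytes.
# Note: a plain write to /dev/urandom mixes the data in but the kernel does
# not credit it as entropy; that is kernel policy, not something a script fixes.
load_and_reseed() {
    seed_file=$1
    if [ -f "$seed_file" ]; then
        cat "$seed_file" > "$URANDOM_DEV"
    fi
    save_seed "$seed_file"
}

# Shutdown path: same operation, just without feeding anything first.
save_seed_at_shutdown() {
    save_seed "$1"
}

# Returns 0 when the file has the expected size, i.e. looks like a complete seed.
seed_is_complete() {
    [ -f "$1" ] && [ "$(wc -c < "$1")" -eq "$POOLSIZE" ]
}

case "${1:-}" in
    --boot)     load_and_reseed "${2:-/var/lib/urandom/random-seed}" ;;
    --shutdown) save_seed_at_shutdown "${2:-/var/lib/urandom/random-seed}" ;;
esac
```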
The Cryptography Mailing List