[145543] in cryptography@c2.net mail archive
Re: init.d/urandom : saving random-seed
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Sun Aug 1 13:00:05 2010
Cc: Henrique de Moraes Holschuh <hmh@debian.org>,
Petter Reinholdtsen <pere@hungry.com>,
pkg-sysvinit-devel@lists.alioth.debian.org,
Cryptography <cryptography@metzdowd.com>
From: Jerry Leichter <leichter@lrw.com>
To: John Denker <jsd@av8n.com>
In-Reply-To: <4C548965.1060702@av8n.com>
Date: Sun, 1 Aug 2010 00:00:39 -0400

On the question of what to do if we can't be sure the saved seed file
might be reused: Stir in the date and time and anything else that
might vary - even if it's readily guessable/detectable - along with
the seed file. This adds minimal entropy, but detecting that a seed
file has been re-used will be quite challenging. A directed attack
can probably succeed, but if you consider the case of a large number
of nodes that reboot here and there and that, at random and not too
often, re-use a seed file, then detecting those reboots with stale
seed files seems like a rather hard problem. (Detecting them
*quickly* will be even harder, so active attacks - as opposed to
passive attacks that can be made on recorded data - will probably be
out of the question.)

I wouldn't recommend this for high-value security, but then if you're
dealing with high-value information, there's really no excuse for not
having and using a source of true random bits.
-- Jerry
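The stirring step described in the message above, as an added illustration that is not code from init.d/urandom or from the poster: a stale seed file is used as the key of an HMAC over whatever varies at boot (here constructed timestamp, hostname and uptime values), and a small helper quantifies how little entropy a guessable boot time actually contributes. The function names, the 32-byte output and the sample values are assumptions made for this example.

```python
"""Stir a possibly reused seed file together with boot-time variables.

Illustrative only: the mixing construction below is HMAC-SHA256, chosen
for this example, and all inputs are constructed values.  In a boot
script the result would be written to /dev/urandom; here it is returned
so the behaviour can be checked.
"""
import hashlib
import hmac
import math


def stir(seed_file_bytes: bytes, *variable_fields: bytes) -> bytes:
    """Return 32 bytes derived from the seed file and boot-time fields.

    The seed file keys the HMAC; every variable field is length-prefixed
    so that (b"ab", b"c") and (b"a", b"bc") cannot produce the same
    message.  Reusing one seed file with different fields gives
    different output, which is what makes reuse hard to spot in the
    resulting random stream.
    """
    mac = hmac.new(seed_file_bytes, digestmod=hashlib.sha256)
    for field in variable_fields:
        mac.update(len(field).to_bytes(4, "big"))
        mac.update(field)
    return mac.digest()


def boot_fields(unix_time: int, hostname: str, uptime_ticks: int):
    """Constructed stand-ins for 'anything else that might vary' at boot."""
    return [str(unix_time).encode(), hostname.encode(), str(uptime_ticks).encode()]


def guessable_bits(window_seconds: int) -> float:
    """Entropy left to search when the boot time is known only to within
    a window of this many seconds: log2(window).  A one-day window is
    about 16.4 bits, i.e. the 'minimal entropy' the message refers to."""
    return math.log2(window_seconds)


def demo():
    """Same stale seed file on two boots a day apart: distinct outputs."""
    seed = b"\x11" * 512  # constructed: a seed file that was never refreshed
    first = stir(seed, *boot_fields(1280638839, "node7", 1))
    second = stir(seed, *boot_fields(1280725239, "node7", 1))
    return first != second, guessable_bits(86400)
```

Note that the stirring hides reuse from an observer of the output; it does not replace the seed file's own entropy, which is why the message limits the approach to low-value settings.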