[145550] in cryptography@c2.net mail archive


Re: init.d/urandom : saving random-seed

daemon@ATHENA.MIT.EDU (Henrique de Moraes Holschuh)
Sun Aug 1 13:04:34 2010

Date: Sun, 1 Aug 2010 11:34:58 -0300
From: Henrique de Moraes Holschuh <hmh@debian.org>
To: Jerry Leichter <leichter@lrw.com>
Cc: John Denker <jsd@av8n.com>, Petter Reinholdtsen <pere@hungry.com>,
	pkg-sysvinit-devel@lists.alioth.debian.org,
	Cryptography <cryptography@metzdowd.com>
In-Reply-To: <E40D30CA-502E-4117-96F3-64506AD8D6A9@lrw.com>

(Please keep all CCs).

On Sun, 01 Aug 2010, Jerry Leichter wrote:
> file might be reused:  Stir in the date and time and anything else
> that might vary - even if it's readily guessable/detectable - along

Well, yes, we have several *guessable* sources of variable data available
during early userspace that we could use.  We can also distill them through
sha256.

But it would add very little variation across reboots of the same box, and
that variation is easily guessable.  Worse, the entire contents of the base
data is also guessable, *and* almost all of it is available after boot (and
that does include the date/time).

It would be something like this:
( dmesg | sha256sum ; ( date -u ; date +%N ) | sha256sum ) | dd of=/dev/urandom

In addition to the usual shuffling done using the seed file.

However, someone would have to put forth a good, solid technical explanation
of why the above would give a measurable increase in the security of a
system where the seed file does not exist (or is being reused due to a
failure that caused an early reboot).

As I said, the entire data used (dmesg, system time) is available and/or
guessable to very high precision after boot [when a seed file has not been
refreshed], AND the variation between boots can be rather small *and* that
variation is also guessable.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
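
The seed-file lifecycle this thread is about, with the "stir guessable sources" step from the mail above, as an added example (not Debian's init.d/urandom script or any code from the thread). The paths and the 512-byte pool size are assumptions so the functions can be run against a temporary directory.

```shell
#!/bin/sh
# Added example, not Debian's init.d/urandom. POOL_SIZE is an assumption.
POOL_SIZE=512   # bytes read from / written to the seed file

# Hash the guessable early-boot sources (dmesg, wall clock, nanoseconds) into
# the pool device. As the mail points out, every input here is recoverable
# after boot, so this is mixing, not fresh entropy: it must not be counted.
stir_guessable_sources() {
    pool="$1"
    {
        dmesg 2>/dev/null | sha256sum
        { date -u; date +%N; } | sha256sum
    } | dd of="$pool" 2>/dev/null
}

# Write the saved seed into the pool. Returns 1 when no seed file exists,
# which is exactly the case the thread worries about: the pool then holds
# nothing better than the guessable data stirred in above.
restore_seed() {
    seed="$1"; pool="$2"
    if [ -r "$seed" ]; then
        dd if="$seed" of="$pool" bs="$POOL_SIZE" count=1 2>/dev/null
        return 0
    fi
    return 1
}

# Regenerate the seed from the pool so the next boot cannot reuse this one.
# The file is created mode 0600 (umask in a subshell) and renamed into place,
# so a crash mid-write leaves the old seed rather than a truncated one.
save_seed() {
    seed="$1"; pool="$2"
    ( umask 077; dd if="$pool" of="$seed.new" bs="$POOL_SIZE" count=1 2>/dev/null ) \
        && mv "$seed.new" "$seed"
}

# Boot-time order on a real system: restore, stir, then save a fresh seed.
boot_sequence() {
    seed="$1"; pool="$2"
    restore_seed "$seed" "$pool" || echo "no seed file: pool is guessable" >&2
    stir_guessable_sources "$pool"
    save_seed "$seed" "$pool"
}
```

On a real system both the pool argument and the seed source are /dev/urandom; the functions take paths so the behaviour can be checked without touching the kernel pool.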

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
