[39521] in bugtraq
Re: /dev/random is probably not
daemon@ATHENA.MIT.EDU (Stefan Bethke)
Fri Jul 8 17:23:20 2005
In-Reply-To: <434FEC79-19E4-436A-A8FA-18CF19403169@icorp.com.au>
Mime-Version: 1.0 (Apple Message framework v730)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <4F173C9C-4140-4FF2-B447-36F9820E11FE@tallence.com>
Cc: bugtraq@securityfocus.com
Content-Transfer-Encoding: 7bit
From: Stefan Bethke <s.bethke@tallence.com>
Date: Fri, 8 Jul 2005 22:27:25 +0200
To: Kai Howells <kai.howells@icorp.com.au>
Am 07.07.2005 um 02:53 schrieb Kai Howells:
[ Mac OS X entropy pool being periodically saved to a file and used
on boot to prime the PRNG ]
> Now this raises some interesting issues - such as where is the
> entropy written to, and how much does this pool of entropy set the
> state of the RNG after bootup - ie, if an attacker had control of
> this file, could they influence the RNG in a deterministic fashion
> after forcing a reboot?
$ ls -l /private/var/db/SystemEntropyCache
-rw------- 1 root wheel 20 Jul 8 21:59 /private/var/db/
SystemEntropyCache
If an attacker can manipulate this file, he probably has much more
effective tools to control the system...
FreeBSD 5 uses a similiar mechanism:
http://www.freebsd.org/cgi/man.cgi?
query=random&apropos=0&sektion=4&manpath=FreeBSD+5.4-stable&format=html
$ sudo ls -la /var/db/entropy
total 20
drwx------ 2 operator operator 512 Jul 8 22:22 .
drwxr-xr-x 8 root wheel 512 Jul 8 22:21 ..
-r-------- 1 operator operator 2048 Jul 8 22:22 saved-entropy.1
-r-------- 1 operator operator 2048 Jul 8 22:11 saved-entropy.2
-r-------- 1 operator operator 2048 Jul 8 22:00 saved-entropy.3
-r-------- 1 operator operator 2048 Jul 8 21:55 saved-entropy.4
-r-------- 1 operator operator 2048 Jul 8 21:44 saved-entropy.5
-r-------- 1 operator operator 2048 Jul 8 21:33 saved-entropy.6
-r-------- 1 operator operator 2048 Jul 8 21:22 saved-entropy.7
-r-------- 1 operator operator 2048 Jul 8 21:11 saved-entropy.8
--
Stefan Bethke <s.bethke@tallence.com>
Tallence GmbH, Baumwall 3, D-20459 Hamburg, Germany
Mobile +49 170 3460140, Office +49 40 360935-0, Fax +49 40 360935-10
