Re: krb5 and PRNGs
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Sep 21 18:07:24 2010
From: Greg Hudson <ghudson@mit.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
In-Reply-To: <20100921214811.GR7857@oracle.com>
Date: Tue, 21 Sep 2010 18:07:19 -0400
Message-ID: <1285106839.20521.129.camel@ray>
Mime-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Tue, 2010-09-21 at 17:48 -0400, Nicolas Williams wrote:
> > We don't use /dev/urandom directly to generate keys. I assume this is
> > out of concern that /dev/urandom might not be cryptographically
> > strong--that is, an attacker might be able to look at some of its
> > output, recover the internal state of the kernel's PRNG, and know all
> > of the subsequent outputs. If /dev/urandom can be attacked in this
>
> No, that's not correct.
What's not correct? /dev/urandom *should* have all of the properties
you mentioned, but if we're willing to assume that, why not just use it
directly for keys?
Keep in mind that in the section you quoted, I am trying to intuit the
design intent of an architecture I myself did not have a hand in; I'm
not articulating my own views.
> Applications can only do so much to make up for limitations of the host
> OS' entropy services. I'd say: use /dev/random to seed Yarrow/Fortuna,
> and be done.
Currently, we treat /dev/random as sufficiently precious that we are not
willing to use it every time the krb5 library is fired up, only for very
limited purposes (kadmind and kdb5_util create). We really do
use /dev/urandom to seed Yarrow, most of the time.
Also, the whole point of my message is to call into question the
applicability of the Yarrow/Fortuna reseed logic to Kerberos. Saying
"use /dev/random to seed Yarrow/Fortuna, and be done" sidesteps the
fundamental issue.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
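The thread above contrasts two ways of producing key material: taking bytes from the kernel's /dev/urandom directly, or seeding a user-space Yarrow/Fortuna-style generator from it and then applying that generator's reseed logic. The following is an added example, not krb5 code and not a conformant Yarrow, Fortuna or NIST DRBG: a hypothetical HMAC-SHA256 generator whose entropy source and clock are injectable, with a byte-count and wall-clock reseed policy of the kind the message questions. The constant names, the `kernel_key`/`user_space_key` helpers and the reseed thresholds are assumptions chosen for illustration.

```python
"""Added example (not krb5 code): a user-space generator with an explicit
reseed policy, beside taking key bytes from the kernel directly.
The generator is a hypothetical HMAC-SHA256 construction, not Yarrow,
Fortuna or a conformant NIST HMAC-DRBG."""
import hashlib
import hmac
import os
import time


class UserSpacePRNG:
    """Seeded from an entropy source (os.urandom reads /dev/urandom on Unix).

    Reseed policy in the Yarrow/Fortuna spirit the thread debates: pull fresh
    entropy after RESEED_BYTES of output or RESEED_SECONDS of wall time,
    whichever comes first.  Both thresholds are assumed values.
    """
    RESEED_BYTES = 1 << 16
    RESEED_SECONDS = 300.0

    def __init__(self, entropy_source=os.urandom, clock=time.monotonic):
        self._entropy = entropy_source   # injectable so tests can be deterministic
        self._clock = clock
        self._key = b"\x00" * 32
        self._counter = 0
        self.reseeds = 0
        self.bytes_since_reseed = 0
        self.reseed()

    def reseed(self):
        seed = self._entropy(32)
        # Fold new entropy into the existing key rather than discarding old state.
        self._key = hmac.new(self._key, b"reseed" + seed, hashlib.sha256).digest()
        self._counter = 0
        self.bytes_since_reseed = 0
        self._last_reseed = self._clock()
        self.reseeds += 1

    def _needs_reseed(self):
        return (self.bytes_since_reseed >= self.RESEED_BYTES
                or self._clock() - self._last_reseed >= self.RESEED_SECONDS)

    def generate(self, n):
        """Return n output bytes, reseeding first if the policy says so."""
        if self._needs_reseed():
            self.reseed()
        out = bytearray()
        while len(out) < n:
            self._counter += 1
            block = hmac.new(self._key, self._counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            out += block
        # Ratchet the key forward: a later state compromise should not
        # reveal output that was already handed out.
        self._key = hmac.new(self._key, b"ratchet", hashlib.sha256).digest()
        self.bytes_since_reseed += n
        return bytes(out[:n])


def kernel_key(n):
    """The 'use /dev/urandom directly' option: no user-space state to protect."""
    return os.urandom(n)


def user_space_key(prng, n):
    """The 'seed a generator, then draw from it' option the thread discusses."""
    return prng.generate(n)


if __name__ == "__main__":
    prng = UserSpacePRNG()
    print("kernel key:    ", kernel_key(16).hex())
    print("user-space key:", user_space_key(prng, 16).hex())
    print("reseeds so far:", prng.reseeds)
```

With a fixed entropy source two instances produce identical output, which makes the point the message circles around: everything the user-space generator emits is determined by what it was seeded with, so the reseed policy governs how much of the generator's security rests on the initial /dev/urandom read versus later ones.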