[Cryptography] suggestions for very very early initialization of the kernel PRNG
John Denker
jsd at av8n.com
Thu Nov 7 01:16:13 EST 2013
On 11/06/2013 09:16 PM, Jerry Leichter wrote:
>
> I can think of one simple example: A CD Linux image
> used precisely to conduct operations we want to keep secure. For
> example, there's a suggestion that small businesses use exactly such
> a thing to do their on-line banking, as their usual systems are way
> too vulnerable to various kinds of malware (and small businesses have
> been subject to attacks that bankrupted them). The CD itself can't
> carry a seed, as it will be re-used repeatedly. It has to come up
> quickly, and on pretty much any hardware, to be useful. You could
> probably get something like Turbid in there - but there are plenty of
> CDs around already that have little if anything.
That's too contrived to hold my interest. Here's why:
In most cases, the best advice is this:
If you feel the urge to use
read-only media and nothing else,
lie down until the feeling goes away.
In the vast majority of cases, anything the small business owner
could do with a "Live CD" could be done more conveniently – and
much more securely – using a USB flash drive. You can still boot
from a read-only partition if you choose, while still having a
read/write partition for storing seeds and other stuff that should
persist from one boot to the next.
You should also consider running a “host” system that in turn boots
a “guest” system in snapshot mode. The guest system has all the
convenience of a read/write filesystem, together with the security
of knowing that the image goes back to its previous state on the
next reboot. (The host provides the randomness needed for seeding
the PRNG and for other purposes.)
A further advantage is that the guest can be booted in non-snapshot
mode on special occasions, for instance to install high-priority
security-related software updates. That’s tough to do on read-only
media.
This assumes the Bad Guys have not already pwned
the signing keys used to distribute updates...
Compared to trying to solve the problem within the constraints of
a CD-only approach, the flash and/or VM solutions seem easier and
in every way better.
====
I just now incorporated this point into my screed:
http://www.av8n.com/computer/htm/secure-random.htm#sec-not-read-only
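The seed-persistence mechanic the post advocates for a USB stick with a read/write partition, as an added example that is not part of the post, of Turbid, or of anything at av8n.com. It is a small POSIX sh script of the kind a boot and shutdown hook would call; the seed path, the 512-byte seed size and the use of a plain write to /dev/urandom are assumptions, chosen for illustration. The ordering is the security-relevant part: the saved seed is consumed and then immediately replaced, so a crash before the next clean shutdown cannot leave the same seed on disk to be fed in twice, and a short or missing seed file (a first boot, or read-only media such as the CD case) is refused rather than trusted.

```sh
#!/bin/sh
# Added example (not from the post above): keep a kernel PRNG seed on the
# read/write partition of a bootable USB stick so it persists across boots.
# Assumed paths and sizes; real distributions keep their seed files elsewhere.
#
# Usage: seed.sh load|save [SEEDFILE] [RANDOMDEV]
set -eu

SEED_BYTES=512                       # assumption: 512 bytes is plenty for a seed

# save_seed SEEDFILE
# Write a fresh seed from /dev/urandom to SEEDFILE atomically (temp file +
# rename) with mode 0600. Fails cleanly if the directory is not writable,
# which is exactly what happens on CD-only media.
save_seed() {
    seedfile=$1
    tmp="$seedfile.tmp.$$"
    umask 077
    if ! head -c "$SEED_BYTES" /dev/urandom > "$tmp" 2>/dev/null; then
        echo "cannot write seed to $(dirname "$seedfile") (read-only media?)" >&2
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$seedfile"
}

# load_seed SEEDFILE RANDOMDEV
# Mix the saved seed into the kernel pool (RANDOMDEV is /dev/urandom in real
# use; the test points it at an ordinary file), then IMMEDIATELY overwrite
# the seed file so the same seed is never consumed twice.
load_seed() {
    seedfile=$1; randomdev=$2
    if [ ! -r "$seedfile" ]; then
        echo "no seed file at $seedfile (first boot, or read-only media?)" >&2
        return 1
    fi
    size=$(wc -c < "$seedfile")
    if [ "$size" -lt "$SEED_BYTES" ]; then
        echo "seed file too short ($size bytes); refusing to trust it" >&2
        return 1
    fi
    cat "$seedfile" > "$randomdev"
    save_seed "$seedfile"            # replace the seed before anything else runs
}

# Command-line dispatch; does nothing when sourced without arguments.
if [ "$#" -gt 0 ]; then
    case "$1" in
        load) load_seed "${2:-/var/lib/random-seed}" "${3:-/dev/urandom}" ;;
        save) save_seed "${2:-/var/lib/random-seed}" ;;
        *) echo "usage: $0 load|save [SEEDFILE] [RANDOMDEV]" >&2; exit 2 ;;
    esac
fi
```

Two caveats a practitioner would want. First, writing to /dev/urandom mixes the bytes into the pool but does not credit them as entropy; crediting requires the RNDADDENTROPY ioctl (what rngd and the systemd seed loader use when configured to credit), so on a kernel that blocks early reads until the pool is initialized this script alone does not shorten the wait. Second, in the host/guest arrangement the post describes, a guest booted in snapshot mode reverts its seed file on every reboot, so the seed file cannot be the guest's source at all; the randomness has to come from the host, for instance through a virtio-rng device, which is the point of letting the host seed the guest.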