Linux RNG paper
Bill Frantz
frantz at pwpconsult.com
Wed Mar 22 17:31:37 EST 2006
On 3/21/06, Michael.Heyman at sparta.com (Heyman, Michael) wrote:
>Gutterman, Pinkas, and Reinman have produced a nice as-built-specification and analysis of the Linux
>random number generator.
>
>From <http://eprint.iacr.org/2006/086.pdf>:
>
>...
>
>“Since randomness is often consumed in a multi-user environment, it makes sense to generalize the BH
>model to such environments. Ideally, each user should have its own random-number generator, and these
>generators should be refreshed with different data which is all derived from the entropy sources
>available to the system (perhaps after going through an additional PRNG). This architecture should
>prevent denial-of-service attacks, and prevent one user from learning about the randomness used by
>other users
One of my pet peeves: The idea that the "user" is the proper atom of
protection in an OS.
My threat model includes different programs run by one (human) user. If
a Trojan, running as part of my userID, can learn something about the
random numbers harvested by my browser/gpg/ssh etc., then it can start
to attack the keys used by those applications, even if the OS does a
good job of keeping the memory spaces separate and protected.
Cheers - Bill
---------------------------------------------------------------------
Bill Frantz | The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter. | Los Gatos, CA 95032
---------------------------------------------------------------------
The Cryptography Mailing List