Linux RNG paper

Bill Frantz frantz at pwpconsult.com
Wed Mar 22 17:31:37 EST 2006


On 3/21/06, Michael.Heyman at sparta.com (Heyman, Michael) wrote:

>Gutterman, Pinkas, and Reinman have produced a nice as-built-specification and analysis of the Linux 
>random number generator.
>
>From <http://eprint.iacr.org/2006/086.pdf>:
>
>...
>
>“ Since randomness is often consumed in a multi-user environment, it makes sense to generalize the BH 
>model to such environments. Ideally, each user should have its own random-number generator, and these 
>generators should be refreshed with different data which is all derived from the entropy sources 
>available to the system (perhaps after going through an additional PRNG). This architecture should 
>prevent denial-of-service attacks, and prevent one user from learning about the randomness used by 
>other users

One of my pet peeves: The idea that the "user" is the proper atom of
protection in an OS.

My threat model includes different programs run by one (human) user.  If
a Trojan, running as part of my userID, can learn something about the
random numbers harvested by my browser/gpg/ssh etc., then it can start
to attack the keys used by those applications, even if the OS does a
good job of keeping the memory spaces separate and protected.

Cheers - Bill

---------------------------------------------------------------------
Bill Frantz        | The first thing you need   | Periwinkle 
(408)356-8506      | when using a perimeter     | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.    | Los Gatos, CA 95032
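The architecture in the quoted paragraph (one generator per consumer, each reseeded with distinct material derived from the shared entropy pool), sketched here as an added Python example that is not code from the paper or from the Linux kernel; following the reply, the generators are keyed per process rather than per user. HMAC-SHA256 as the derivation and output primitive, the consumer labels and the entropy samples are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed samples standing in for interrupt/disk timings (not real measurements).
ENTROPY_SAMPLES = [b"irq:ts=1142951837:dev=eth0", b"disk:lat=0x3a7", b"kbd:ts=1142951839"]


class EntropyPool:
    """The single system-wide pool that every entropy source feeds."""

    def __init__(self):
        self.state = b"\x00" * 32

    def mix(self, sample: bytes) -> None:
        self.state = hashlib.sha256(self.state + sample).digest()

    def derive_seed(self, consumer: bytes) -> bytes:
        # Distinct per-consumer material from the same pool: HMAC keyed by the pool
        # state and labelled with the consumer identity, so one consumer's seed says
        # nothing about another's (assumption: HMAC-SHA256 as the KDF).
        return hmac.new(self.state, b"reseed|" + consumer, hashlib.sha256).digest()


class ConsumerDRBG:
    """One generator per consumer; here one per process (browser, gpg, ssh, ...)."""

    def __init__(self, seed: bytes):
        self.key = seed
        self.counter = 0

    def reseed(self, seed: bytes) -> None:
        self.key = hmac.new(self.key, seed, hashlib.sha256).digest()
        self.counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        # Ratchet the key after each request so a later compromise of this
        # generator's state cannot recover bytes it already handed out.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:n]


def build_pool(samples=ENTROPY_SAMPLES) -> EntropyPool:
    pool = EntropyPool()
    for s in samples:
        pool.mix(s)
    return pool


def outputs_for(consumers, samples=ENTROPY_SAMPLES, n=16):
    """Map each consumer label to the first n bytes its own generator produces."""
    pool = build_pool(samples)
    return {c: ConsumerDRBG(pool.derive_seed(c)).random_bytes(n) for c in consumers}
```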

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list