Linux RNG paper
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Wed Mar 22 21:04:54 EST 2006
On Wed, Mar 22, 2006 at 02:31:37PM -0800, Bill Frantz wrote:
> One of my pet peeves: The idea that the "user" is the proper atom of
> protection in an OS.
>
> My threat model includes different programs run by one (human) user. If
> a Trojan, running as part of my userID, can learn something about the
> random numbers harvested by my browser/gpg/ssh etc., then it can start
> to attack the keys used by those applications, even if the OS does a
> good job of keeping the memory spaces separate and protected.
>
Why would a trojan running in your security context bother with attacking
a PRNG? It can just read your files, record your keystrokes, change your
browser proxy settings, ...
If the trojan is a sand-box of some sort, the sand-box is a different
security context, and in that case, perhaps a different RNG view is
justified.
Some applications that consume a steady stream of RNG data maintain
their own random pool and use the public pool to periodically mix in
some fresh state. These are less vulnerable to snooping/exhaustion of
the public stream.
The Postfix tlsmgr(8) process proxies randomness for the rest of the
system in this fashion...
--
Victor Duchovni
IT Security, Morgan Stanley
ASCII RIBBON CAMPAIGN AGAINST HTML MAIL

NOTICE: If received in error, please destroy and notify sender. Sender
does not waive confidentiality or privilege, and use is prohibited.
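The per-application private pool that the reply describes (an RNG seeded from the public pool that periodically mixes fresh state back in from it), as an added example that is not code from the original post and not Postfix's tlsmgr(8): an HMAC_DRBG in the shape of NIST SP 800-90A with SHA-256. The choice of construction, the 96-byte reseed threshold in the demo and the `HmacDrbg`/`demo_private_pool` names are mine, not something the post specifies. `counter_entropy` is a constructed, deterministic stand-in for the public pool so the run is repeatable; in real use the default `os.urandom` is the source. The point it shows is that every byte handed to callers is derived from the private (K, V) state, so a snooper of the public stream sees at most the reseed inputs, never the application's own output.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
OUTLEN = HASH().digest_size  # 32 bytes


class HmacDrbg:
    """HMAC_DRBG (SP 800-90A style, SHA-256) used as a per-process private pool.

    The public pool (entropy_source, os.urandom by default) is read only at
    instantiation and at each reseed; all output comes from the private
    state (K, V).  A reseed is forced once reseed_after_bytes have been
    generated, which is the 'periodically mix in fresh state' behaviour.
    """

    def __init__(self, entropy_source=os.urandom, reseed_after_bytes=64 * 1024,
                 personalization=b""):
        self.entropy_source = entropy_source          # callable(n) -> n bytes
        self.reseed_after_bytes = reseed_after_bytes
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self._update(self.entropy_source(OUTLEN) + personalization)
        self.bytes_since_reseed = 0
        self.reseed_count = 0

    def _update(self, provided_data):
        # HMAC_DRBG_Update: fold provided_data (if any) into K and V.
        self.K = hmac.new(self.K, self.V + b"\x00" + provided_data, HASH).digest()
        self.V = hmac.new(self.K, self.V, HASH).digest()
        if provided_data:
            self.K = hmac.new(self.K, self.V + b"\x01" + provided_data, HASH).digest()
            self.V = hmac.new(self.K, self.V, HASH).digest()

    def reseed(self, additional=b""):
        # Pull fresh entropy from the public pool and mix it into the private state.
        self._update(self.entropy_source(OUTLEN) + additional)
        self.bytes_since_reseed = 0
        self.reseed_count += 1

    def generate(self, n, additional=b""):
        if self.bytes_since_reseed >= self.reseed_after_bytes:
            self.reseed(additional)
            additional = b""          # already consumed by the reseed
        if additional:
            self._update(additional)
        out = bytearray()
        while len(out) < n:
            self.V = hmac.new(self.K, self.V, HASH).digest()
            out += self.V
        self._update(additional)      # backtracking resistance: old V cannot be recovered
        self.bytes_since_reseed += n
        return bytes(out[:n])


def counter_entropy(label=b"constructed-entropy"):
    """Constructed, deterministic stand-in for the public pool.

    Only here so the demonstration is repeatable and testable; it is NOT a
    source of randomness and must never be used in place of os.urandom.
    """
    calls = [0]

    def source(n):
        calls[0] += 1
        block = HASH(label + calls[0].to_bytes(4, "big")).digest()
        return (block * (n // OUTLEN + 1))[:n]

    return source


def demo_private_pool(entropy_source=os.urandom, n_keys=4):
    """Hand out n_keys 32-byte session keys from a private pool that refreshes
    itself from the public pool after every 96 bytes.  Returns the keys and
    the number of reseeds the public pool saw (1 for four 32-byte keys)."""
    drbg = HmacDrbg(entropy_source, reseed_after_bytes=96)
    keys = [drbg.generate(32) for _ in range(n_keys)]
    return keys, drbg.reseed_count


if __name__ == "__main__":
    keys, reseeds = demo_private_pool()
    for k in keys:
        print(k.hex())
    print("public pool was read for reseed", reseeds, "time(s)")
```

The reseed threshold is deliberately tiny in the demo so the refresh is visible; a real deployment would reseed on a byte budget or a timer in the spirit of tlsmgr(8), and would keep `os.urandom` as the only entropy source.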
---------------------------------------------------------------------
The Cryptography Mailing List