Linux RNG paper

Victor Duchovni Victor.Duchovni at MorganStanley.com
Wed Mar 22 21:04:54 EST 2006


On Wed, Mar 22, 2006 at 02:31:37PM -0800, Bill Frantz wrote:

> One of my pet peeves: The idea that the "user" is the proper atom of
> protection in an OS.
> 
> My threat model includes different programs run by one (human) user.  If
> a Trojan, running as part of my userID, can learn something about the
> random numbers harvested by my browser/gpg/ssh etc., then it can start
> to attack the keys used by those applications, even if the OS does a
> good job of keeping the memory spaces separate and protected.
> 

Why would a trojan running in your security context bother with attacking
a PRNG? It can just read your files, record your keystrokes, change your
browser proxy settings, ...

If the trojan is a sand-box of some sort, the sand-box is a different
security context, and in that case, perhaps a different RNG view is
justified.

Some applications that consume a steady stream of RNG data maintain
their own random pool, and use the public pool to periodically mix in
some fresh state. These are less vulnerable to snooping/exhaustion of
the public stream.

The Postfix tlsmgr(8) process proxies randomness for the rest of the
system in this fashion...

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.
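The private-pool pattern described in the post, as an added illustration (not Postfix code and not the author's): an HMAC_DRBG-style pool (the SHA-256 construction from NIST SP 800-90A) seeded once from the system pool and re-mixed with fresh state from it after a fixed number of output bytes. The PrivatePool class, the entropy_source hook and the byte-count reseed policy are assumptions for the demo; tlsmgr(8) itself uses a time-based schedule.

```python
import hashlib
import hmac
import os


class PrivatePool:
    """Application-private DRBG seeded from the public pool and periodically
    re-mixed with fresh state from it, so a snooper or a consumer that
    exhausts the public stream sees only the reseed reads, not every output."""

    def __init__(self, entropy_source=os.urandom, reseed_after_bytes=1 << 20):
        self.entropy_source = entropy_source        # the public pool, e.g. /dev/urandom
        self.reseed_after_bytes = reseed_after_bytes  # demo policy: reseed by output volume
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self.bytes_since_reseed = 0
        self.reseeds = 0
        self._update(self.entropy_source(32))       # instantiate with 256 bits of seed

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data):
        # HMAC_DRBG Update: fold provided data (if any) into K and V.
        self.K = self._hmac(self.K, self.V + b"\x00" + data)
        self.V = self._hmac(self.K, self.V)
        if data:
            self.K = self._hmac(self.K, self.V + b"\x01" + data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self):
        # Mix fresh state from the public pool into the private state.
        self._update(self.entropy_source(32))
        self.bytes_since_reseed = 0
        self.reseeds += 1

    def random_bytes(self, n):
        if self.bytes_since_reseed >= self.reseed_after_bytes:
            self.reseed()
        out = b""
        while len(out) < n:                         # HMAC_DRBG Generate
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(b"")                           # back-track resistance step
        self.bytes_since_reseed += n
        return out[:n]


if __name__ == "__main__":
    print(PrivatePool().random_bytes(16).hex())
```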
