[Cryptography] randomness +- entropy

Albert Lunde atlunde at panix.com
Tue Nov 5 07:45:09 EST 2013


On 11/4/2013 7:16 PM, Theodore Ts'o wrote:
> On Mon, Nov 04, 2013 at 12:21:00PM -0700, John Denker wrote:
> One of the reasons why we don't attempt to extract "true random bits"
> and save them across a reboot is that even if we had such bits that were
> secure even if the underlying crypto primitives were compromised to a
> fare-thee-well, once you write them to the file on the hard drive and
> the OS gets shut down, there's no guarantee that an adversary might
> not be able to read the bits while the OS is shut down.

This seems to be a misplaced threat model. Once an adversary has
physical access to a device sufficient to read a stored random seed,
they have other ways to compromise the system.

There may be no one-size-fits-all answer. Providing means to manage a
random seed across reboots or provision it for a VM from a hypervisor
seems like it could help important corner cases.
