[Cryptography] suggestions for very very early initialization of the kernel PRNG

John Denker jsd at av8n.com
Thu Nov 7 01:16:13 EST 2013


On 11/06/2013 09:16 PM, Jerry Leichter wrote:
> 
> I can think of one simple example:  A CD Linux image
> used precisely to conduct operations we want to keep secure.  For
> example, there's a suggestion that small businesses use exactly such
> a thing to do their on-line banking, as their usual systems are way
> too vulnerable to various kinds of malware (and small businesses have
> been subject to attacks that bankrupted them).  The CD itself can't
> carry a seed, as it will be re-used repeatedly.  It has to come up
> quickly, and on pretty much any hardware, to be useful.  You could
> probably get something like Turbid in there - but there are plenty of
> CD's around already that have little if anything.

That's too contrived to hold my interest.  Here's why:

In most cases, the best advice is this:

        If you feel the urge to use
        read-only media and nothing else,
        lie down until the feeling goes away. 

In the vast majority of cases, anything the small business owner
could do with a "Live CD" could be done more conveniently – and 
much more securely – using a USB flash drive.  You can still boot 
from a read-only partition if you choose, while still having a 
read/write partition for storing seeds and other stuff that should 
persist from one boot to the next.

You should also consider running a “host” system that in turn boots 
a “guest” system in snapshot mode. The guest system has all the 
convenience of a read/write filesystem, together with the security 
of knowing that the image goes back to its previous state on the 
next reboot. (The host provides the randomness needed for seeding 
the PRNG and for other purposes.)

A further advantage is that the guest can be booted in non-snapshot 
mode on special occasions, for instance to install high-priority 
security-related software updates. That’s tough to do on read-only 
media.
           This assumes the Bad Guys have not already pwned
           the signing keys used to distribute updates........

Compared to trying to solve the problem within the constraints of
a CD-only approach, the flash and/or VM solutions seem easier and 
in every way better.

====

I just now incorporated this point into my screed:
   http://www.av8n.com/computer/htm/secure-random.htm#sec-not-read-only
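The read/write seed partition the message argues for, as an added example (not the author's code): a POSIX shell boot fragment that feeds the saved seed into the kernel pool and immediately replaces it with fresh bytes, so the same seed is never consumed twice across boots, which is exactly what a re-used read-only CD cannot do. The paths SEED_FILE, POOL_DEV and ENTROPY_SRC are assumptions and can be overridden from the environment.

```shell
#!/bin/sh
# Added example: seed persistence for a read/write partition that sits beside
# a read-only boot image. Not the author's code; the paths below are assumed.
SEED_FILE="${SEED_FILE:-/mnt/persist/random-seed}"   # lives on the r/w partition
POOL_DEV="${POOL_DEV:-/dev/urandom}"                  # kernel pool to feed
ENTROPY_SRC="${ENTROPY_SRC:-/dev/urandom}"            # source of fresh seed bytes
SEED_BYTES=512

# Mix the saved seed into the kernel pool. On Linux, writing to /dev/urandom
# stirs the pool but does not credit entropy (that needs an ioctl), which is
# the safe default: a stale or copied seed cannot make the pool look "ready".
load_seed() {
    [ -f "$SEED_FILE" ] || return 0          # first boot: nothing saved yet
    cat "$SEED_FILE" >> "$POOL_DEV"
}

# Atomically replace the on-disk seed with fresh bytes, owner-readable only.
# Write to a temp file first so a crash mid-write never leaves a half seed.
refresh_seed() {
    ( umask 077; dd if="$ENTROPY_SRC" of="$SEED_FILE.tmp" \
          bs="$SEED_BYTES" count=1 2>/dev/null ) || return 1
    mv -f "$SEED_FILE.tmp" "$SEED_FILE"
}

# Boot-time sequence: consume the old seed, then retire it immediately, so a
# later crash or unclean shutdown cannot cause the same seed to be fed twice.
seed_on_boot() {
    load_seed && refresh_seed
}

# Size in bytes of the seed currently on disk (helper for sanity checks).
seed_size() {
    wc -c < "$SEED_FILE" | tr -d ' '
}
```

Call seed_on_boot from an early init script once the persistent partition is mounted; running refresh_seed again at shutdown captures a pool that has had a full session to mix in more entropy.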
