[Cryptography] CD bootable Linux (was randomness +- entropy)

Thierry Moreau thierry.moreau at connotech.com
Thu Nov 7 09:54:26 EST 2013


Jerry Leichter wrote:
> On Nov 6, 2013, at 2:40 PM, John Denker wrote:
>> Suppose we have something that boots from read-only media 
>> -- booting repeatedly, unattended, with no HRNG, with no 
>> hypervisor, with no non-volatile memory, and yet no air-gap.  
>> This must be declared an unsound design.  Get a clue.  Get 
>> some persistent memory, get a HRNG, get the hypervisor to 
>> provide a seed, or whatever, so as to ensure that the PRNG 
>> is up and running very, very early.
> I don't know how many such systems are out there, but if there are such, they are likely old or very cheap embedded systems that it'll be tough to get software updates onto, and impossible to get new hardware onto.  Declaring them "unsound" may not make them go away.
> 
> In fact, though, I can think of one simple example:  A CD Linux image used precisely to conduct operations we want to keep secure.  For example, there's a suggestion that small businesses use exactly such a thing to do their on-line banking, as their usual systems are way too vulnerable to various kinds of malware (and small businesses have been subject to attacks that bankrupted them).  The CD itself can't carry a seed, as it will be re-used repeatedly.  It has to come up quickly, and on pretty much any hardware, to be useful.  You could probably get something like Turbid in there - but there are plenty of CD's around already that have little if anything.

There is this US military sector initiative "Lightweight Portable 
Security" with precisely this mandate.

http://www.spi.dod.mil/lipose.htm

I looked at it (version 1.2.0), initially to get the tools to re-create 
my own (say I don't like their list of trusted root CA ...) and expected 
to get some contact point where I could get the source ... I didn't 
finish this chase, but in looking for GPL'ed software components I came 
across their selected solution for a true RNG source (it's a 
security-centric raison d'être, so there must be some thought in this 
aspect of *system* design).

The finding was plainly uninteresting: some cpu instruction timing 
jitter measurements developed by someone who lost interest after having 
released his code under the GPL.

I would definitely like to see some distribution of required tools and 
scripts for creating a CD bootable Linux with an emphasis on security 
considerations. Obviously, e.g. from this long discussion, the true RNG 
source would remain an "area for further study."

Regards,



-- 
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691

