[Cryptography] suggestions for very very early initialization of the kernel PRNG

Jerry Leichter leichter at lrw.com
Fri Nov 8 07:49:59 EST 2013 

On Nov 8, 2013, at 7:06 AM, Arnold Reinhold wrote:
> CD-ROMs have a big advantage over USB flash drives: they are physically unmodifiable. The read-only partition on your USB drive is enforced by system software that can be compromised.
While I said the same thing myself ... there's a subtlety here.  You said "CD-ROM", which is a pressed disk, and is indeed physically unwritable.  But that requires access to a CD pressing facility - i.e., CD-ROM's are something for the commercial market.  Same for DVD-ROM.  It's not clear there's a sufficient market for anyone to sell a CD- or DVD-ROM LiveCD, and I'm sure there will be those who wouldn't trust the contents anyway.  (To get around that, you'd want to make sure the contents of the disk were created using a fully reproducible build process.  Then the suspicious could always build from source all the way up to an ISO image and compare bit by bit.)

What most people have in mind, though, is cutting their own CD or DVD.  And here you get into the whole mess of different technologies, and the question of just what enforces the "non-writability".  CD-RW is out, as its explicitly re-writeable.  Any given physical piece of a CD-R "can't be re-written", though you can add more data to previously written sections later.  What "can't be re-written" actually means physically, I'm not sure.  The bits are written to a CD-R as "permanently" altered and unaltered areas of dye.  Even if the "permanent" alterations can't be undone, one could in principle alter some of the unaltered regions.  It would require specialized hardware and software; given all the error correction needed to make these devices usable, it's not even clear what modifications you might be able to introduce.  It also seems highly unlikely that a commercial CD-R writer could be modified (by a malicious firmware alteration) to play this game.  But who knows.

With DVD, things get even more complicated, given the multiple extant technologies.

Theoretically, I suppose it might even be possible to use a laser to blast extra pits into a pressed CD or DVD - though that would certainly require specialized equipment and physical access to the disk, at which point you might as well produce a look-alike disk containing whatever you want on it.

I'm sure the three-letter agencies have had their engineers all over this stuff, just in case they mighy need the capability to modify a "read-only" disk.  I haven't seen any public discussion of the issue, though I'll admit I haven't looked hard for it.

In *practical* terms, a CD-R or DVD-R - *not* a -RW, or the logically equivalent "+" versions - can probably be treated as unmodifiable unless you're targeted by the NSA or someone with similar resources.  (Even then, they probably have many easier ways to get to you.)  It would be nice to confirm, though, that CD-R or DVD-R writers are *physically* incapable of modifying existing information, not just blocked from trying by perhaps-modifiable firmware.
                                                        -- Jerry

More information about the cryptography mailing list