[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

James A. Donald jamesd at echeque.com
Sat Oct 19 16:37:14 EDT 2013


On 2013-10-20 02:48, John Denker wrote:
> Uhhh, that's the answer to a different question. We agree that the 
> amount of available entropy is "small". My point is that it is too small.

It is too small for a short period after boot up.

Which is causing problems, in that we see significant key duplication 
and common factors.

And, after that short period, forever afterwards, ample.

Any system that needs crypto, communicates.  Any system that 
communicates, sees events whose details are difficult to predict for 
anyone not in physical possession of the system.

Solution:  Block for a short period after startup.  Possibly a small 
number of systems will freeze up and fail to boot.  This is almost 
always fixable by moving the blocking process in the bootup so that it 
no longer blocks other processes while it is blocked waiting for 
/dev/urandom, while /dev/urandom is blocked waiting for entropy.


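The "block for a short period after startup, but only in the process that needs the randomness" suggestion above, worked into code. This is an added example, not code from the original message or from any system its author describes: it probes the Linux CRNG with getrandom(2) and GRND_NONBLOCK (which fails with EAGAIN until the pool is seeded), refuses to generate key material before that, and runs the wait on its own thread so the rest of boot is not held up. Function names, the timeout values and the placeholder key-generating service are assumptions; it requires a Linux kernel with getrandom (3.17 or later) and Python 3.6 or later, and on platforms without os.getrandom it assumes the pool is seeded.

```python
"""Gate key generation on the kernel CRNG being seeded, without stalling
the rest of boot.  Added example; not code from the original message."""
import os
import threading
import time


def crng_seeded() -> bool:
    """True once the Linux CRNG reports itself initialised.

    getrandom(2) with GRND_NONBLOCK fails with EAGAIN (BlockingIOError in
    Python) until the pool has been seeded, so a 1-byte probe answers the
    question without blocking.  Platforms without getrandom are assumed
    seeded (an assumption made for portability only).
    """
    if not hasattr(os, "getrandom"):
        return True
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def wait_for_seed(timeout, poll=0.1, seeded=crng_seeded,
                  clock=time.monotonic, sleep=time.sleep) -> bool:
    """Block until seeded() is True or `timeout` seconds elapse.

    Returns True if the pool became ready, False on timeout.  `seeded`,
    `clock` and `sleep` are injectable so the logic can be exercised
    without waiting on a real kernel.
    """
    deadline = clock() + timeout
    while not seeded():
        if clock() >= deadline:
            return False
        sleep(poll)
    return True


def generate_key(nbytes, seeded=crng_seeded) -> bytes:
    """Return nbytes of key material, refusing to run on an unseeded pool.

    Refusing, rather than taking whatever /dev/urandom hands out early in
    boot, is what avoids the duplicated keys and shared factors discussed
    in the thread: two freshly booted images in the same state must not
    derive the same key.
    """
    if not seeded():
        raise RuntimeError("CRNG not seeded; refusing to generate key material")
    return os.urandom(nbytes)


def start_after_seed(service, timeout, **wait_kwargs) -> threading.Thread:
    """Run `service(ready)` on a background thread once the pool is seeded.

    This is the "move the blocking process" part of the suggestion: only
    the thread that needs randomness waits; everything else proceeds.
    `service` receives True if the wait succeeded and False on timeout,
    and decides what to do (here: generate a key or refuse).
    """
    def runner():
        ready = wait_for_seed(timeout, **wait_kwargs)
        service(ready)
    t = threading.Thread(target=runner, daemon=True)
    t.start()
    return t


if __name__ == "__main__":
    # Placeholder for a key-generating service such as an SSH host-key
    # setup step (hypothetical; names are assumptions).
    def host_key_service(ready):
        if ready:
            print("host key material:", generate_key(32).hex())
        else:
            print("no entropy within timeout; not generating a host key")

    worker = start_after_seed(host_key_service, timeout=30)
    print("rest of boot continues while the key service waits")
    worker.join()
```

One caveat worth knowing when wiring this into a boot sequence: plain writes to /dev/urandom (for example restoring a saved seed file with cat) do not credit entropy, so they do not by themselves make the getrandom probe succeed; only the RNDADDENTROPY ioctl credits the pool. The probe therefore reflects the kernel's own judgement of whether it has been seeded, which is the condition the message proposes to block on.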