[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Christoph Anton Mitterer calestyo at scientia.net
Sat Oct 19 17:43:00 EDT 2013


On Sat, 2013-10-19 at 17:22 -0400, Jeffrey I. Schiller wrote:
> That is a value judgment, one where you let security be more important
> than anything else. That is a mistake.
No, it is not... actually, security is generally more important than
anything else; otherwise you wouldn't need to have security added to
the respective functionality in the first place.

Basically, I absolutely agree with what James A. Donald has written just
before.


> There are plenty of applications where it is better to have things
> work than to have them not work in the name of security. Consider an
> embedded controller running a critical resource (like your heart
> pacemaker). It is better to have it fail by using poor entropy than to
> fail completely and leave you dead.
Well, I'm sure you can make up many non-real-world examples like this
where security is (seemingly) less important than functionality.

But apart from the question "Why does a pacemaker need cryptography?"...
you could also ask yourself: what happens if the cryptography is so
weak that any passer-by could hack the pacemakers of all people around,
thereby killing them?


> I would be in favor of having /dev/urandom block iff we define a
> sysctl (or similar) flag that specifies if it should and the default
> should be don’t block. System designers can then decide whether or not
> to set the flag (presumably prior to any use of /dev/urandom).
I don't think this would work out. As Ted and others mentioned,
programmers would easily fall into the habit of leaving their programs
broken and using the less secure option... and if the flag didn't
default to the secure setting, it wouldn't help all the legacy apps
already out there unless they're explicitly updated (unlikely).

Some people also mentioned that if things are made secure by default
(e.g., in this case, /dev/urandom blocking if it couldn't give back good
numbers), then people may choose to implement their own (even worse)
RNGs...
Sure, that's always true... we can never force people not to shoot
themselves in the foot.
But just because we can't, it doesn't mean that we should make the
systems less secure by design.


Cheers,
Chris.


