[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Jeffrey I. Schiller jis at mit.edu
Sat Oct 19 17:22:55 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Oct 18, 2013 at 10:33:14PM +0200, Christoph Anton Mitterer wrote:
> On Fri, 2013-10-18 at 11:54 -0700, John Denker wrote:
> > Blocking /dev/urandom is a bad idea.
> Why? If the system is correctly set up, a good seed should be loaded
> and no problem will arise.  If not, it's better to have failing
> programs or even a completely broken system, than one that does
> insecure things.

That is a value judgment, one where you let security be more important
than anything else. That is a mistake.

There are plenty of applications where it is better to have things
work than to have them not work in the name of security. Consider an
embedded controller running a critical resource (like your heart
pacemaker). It is better to have it fail by using poor entropy than to
fail completely and leave you dead.

For example I just invoked the “node” command (node.js), saw the
interactive prompt and then exited. Looking at strace output reveals
that it read from /dev/urandom. I suspect there are a lot of programs
that read from /dev/urandom that are not particularly security
sensitive, but people would be annoyed (or worse) if they hung.

There are always trade-offs to be made. I remember years ago hearing a
story about a discussion between crypto geeks and air force pilots
(could be navy pilots) discussing whether or not their radio systems
should permit in-the-clear communications in the event of failure to
sync up the crypto. The crypto geeks argued that no communication
should be permitted. The pilots said something like “If there is
someone flying 6 inches off my wingtip, I WANT TO BE ABLE TO TALK TO
THEM!”

I would be in favor of having /dev/urandom block iff we define a
sysctl (or similar) flag that specifies if it should and the default
should be don’t block. System designers can then decide whether or not
to set the flag (presumably prior to any use of /dev/urandom).

                        -Jeff

_______________________________________________________________________
Jeffrey I. Schiller
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room E17-110A, 32-392
Cambridge, MA 02139-4307
617.910.0259 - Voice
jis at mit.edu
http://jis.qyv.name
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFSYvgv8CBzV/QUlSsRAu/GAKDOYWHt3AeXXSXA3qBllx7n47BbuACeLt9Z
w+IRD8JLmYTuHXmORmJy7gk=
=hF7k
-----END PGP SIGNATURE-----