[Cryptography] [RNG] on RNGs, VM state, rollback, etc.
Kent Borg
kentborg at borg.org
Tue Oct 22 07:35:19 EDT 2013
On 10/21/2013 05:21 PM, Philipp Gühring wrote:
> Another completely different idea I had for the boot-time scenario
> would be to mix in the whole (or a part if it is too much) of the
> physical RAM (/dev/mem) into the RNG pool at boot time, or on first
> demand when there isn't enough in the pool already to satisfy the
> demand (so you don't need to do it if nobody needs /dev/random)

I used to like that idea. After all, even though the power-on contents of
RAM aren't completely random, they are also not completely predictable. Some
unique bits in there if not rich entropy.

Unfortunately, since I had my brainstorm, RAM technology seems to have
changed and in my observation recent RAM comes up nearly all zeros. At
least once Linux is up (and I don't think Linux has taken the time to
zero things).

Another problem: it takes time to read all that RAM, so one wouldn't
want to actually wait before finishing booting.

-kb
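
The following is an added example, not part of the original post or of any kernel's code: a sketch of folding a memory image into a hash state while counting how many pages are non-zero, with an optional stride to bound the read time. The helper names, the 4096-byte page size, and the sample image are assumptions constructed for illustration; the input should be mixed in without crediting any entropy for it.

```python
import hashlib
import io

PAGE = 4096  # assumed page size for this sketch


def mix_memory_image(stream, stride=1, page=PAGE):
    """Fold every `stride`-th page of `stream` into a SHA-256 state.

    Hypothetical helper. All-zero pages are skipped because they add
    nothing an observer could not predict; each non-zero page is bound
    to its page index so that its position also influences the result.
    Returns (digest, stats).
    """
    h = hashlib.sha256()
    zero = bytes(page)
    sampled = nonzero = index = 0
    while True:
        buf = stream.read(page)
        if not buf:
            break
        if index % stride == 0:
            sampled += 1
            if buf != zero[:len(buf)]:  # also handles a short final page
                nonzero += 1
                h.update(index.to_bytes(8, "little"))
                h.update(buf)
        index += 1
    return h.digest(), {"pages": sampled, "nonzero_pages": nonzero}


def constructed_image(pages=64, noisy=(3, 40), seed=b"constructed"):
    """Constructed sample: mostly zero pages, a few with leftover data."""
    img = bytearray(pages * PAGE)
    for n in noisy:
        # Deterministic filler standing in for whatever survived in RAM.
        filler = hashlib.shake_256(seed + bytes([n])).digest(PAGE)
        img[n * PAGE:(n + 1) * PAGE] = filler
    return bytes(img)


if __name__ == "__main__":
    digest, stats = mix_memory_image(io.BytesIO(constructed_image()))
    print(stats, digest.hex())
    # An image that is entirely zeros yields the empty-input digest:
    # every machine in that state would contribute the same value.
    print(mix_memory_image(io.BytesIO(bytes(8 * PAGE)))[0].hex())
```
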