[Cryptography] Opening Discussion: Speculation on "BULLRUN"

David Mercer radix42 at gmail.com
Thu Sep 5 21:49:03 EDT 2013


On Thursday, September 5, 2013, Jerry Leichter wrote:

> [This drifts from the thread topic; feel free to attach a different
> subject line to it]
>
> On Sep 5, 2013, at 4:41 PM, Perry E. Metzger wrote:
> > 3) I would not be surprised if random number generator problems in a
> > variety of equipment and software were not a very obvious target,
> > whether those problems were intentionally added or not.
> Random number generators make for a very interesting target.  Getting
> decent amounts of entropy on conventional machines is very difficult.
>  Servers have almost no random variation in their environments; desktops
> somewhat more; modern laptops, yet more.  Virtualization - now extremely
> common on the server side - makes things even harder.  But even laptops
> don't have much.  So we're left trying to distill "enough" randomness for
> security - a process that's error-prone and difficult to check.
>

Virtual private servers are a very big problem. Virtual machine deployment
systems at very large hosting providers have been found to use the same
/dev/urandom initialization for many thousands of machines. It comes from
not re-seeding from /dev/random on provisioning, and running with the same
seed as was in the VM template when it was 'cut'.

I know because I fixed it at places I worked as a contractor. I know at
least one competitor had the issue. No knowledge if it was ever fixed
there. Don't trust seeds you didn't generate. Think about Amazon AWS
instances all spinning up on demand with the exact same init code and prng
seed (this example is not the ones i dealt with, butnis perhaps a larger
problem). You always have a window after startup where you can predicte the
state of the kernel level prng. Not a big one, but it is real and in the
wild.

-David Mercer



-- 
David Mercer - http://dmercer.tumblr.com
IM:  AIM: MathHippy Yahoo/MSN: n0tmusic
Facebook/Twitter/Google+/Linkedin: radix42
FAX: +1-801-877-4351 - BlackBerry PIN: 332004F7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130906/7f0ceefa/attachment.html>


More information about the cryptography mailing list