[Cryptography] cheap sources of entropy

John Kelsey crypto.jmk at gmail.com
Mon Feb 3 12:14:30 EST 2014

On Feb 2, 2014, at 10:34 PM, John Gilmore <gnu at toad.com> wrote:
> So, if an attacker running malware in a hypervisor (or SMM) knew you
> were depending on disk drive timings for the random numbers that
> create your encryption keys, how easily could they attack you by
> rigidizing those interrupt timings, e.g. delaying your virtual machine
> interrupts at to the next even 1/60th of a second?

Maybe this is just my lack of understanding coming out, but I'm having a hard time seeing how any crypto code is going to remain secure if the hypervisor controlling the VM it's running on is under an attacker's control.  

>    John


More information about the cryptography mailing list