[Cryptography] cheap sources of entropy
crypto.jmk at gmail.com
Mon Feb 3 12:14:30 EST 2014
On Feb 2, 2014, at 10:34 PM, John Gilmore <gnu at toad.com> wrote:
> So, if an attacker running malware in a hypervisor (or SMM) knew you
> were depending on disk drive timings for the random numbers that
> create your encryption keys, how easily could they attack you by
> rigidizing those interrupt timings, e.g. delaying your virtual machine
> interrupts to the next even 1/60th of a second?
Maybe this is just my lack of understanding coming out, but I'm having a hard time seeing how any crypto code is going to remain secure if the hypervisor controlling the VM it's running on is under an attacker's control.