[Cryptography] Timing of saving RNG state

Tom Mitchell mitch at niftyegg.com
Sun Jan 5 17:34:44 EST 2014


On Fri, Jan 3, 2014 at 1:05 PM, Viktor Dukhovni
<cryptography at dukhovni.org> wrote:
> On Fri, Jan 03, 2014 at 02:49:01PM -0500, Theodore Ts'o wrote:
>
>> > Speaking of the timing of RNG state save/restore, Nico Williams
>> > observes that it would be prudent to save state not only on (clean)
>> > shutdown, but also at startup,
......
>> It's such a good idea I recommended it almost a decade ago in the Linux
>> kernel sources.  :-)
.......
> Good to know, thanks.  We must have been looking at some older
> systems last time this issue came up.

In doing this it also makes sense to save date and time.
One anchor for some systems is relentless forward progress
of the date and time (at both ends of a secure channel).

While accuracy and precision are important, relentless forward
progress is often given a back seat to "correct" time of day.

Forensics likes accuracy and precision.  Relentless forward
progress across reboots and power interruptions is important
as well.  In some cases quality time and date stamps can be used
to detect men in the middle, odd transit paths and more.  Like a
bound notebook with handwritten date time annotations, veracity
follows (but is not completely assured).




-- 
  T o m    M i t c h e l l
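
The checkpoint discussed in this thread, as an added example that is not part of the message above or of the Linux kernel sources: RNG state is rewritten at startup as well as at shutdown, and a saved timestamp keeps recorded time from stepping backwards across reboots. The function names, the file names `seed` and `time_floor`, and the SHA-256 mixing are assumptions chosen for illustration.

```python
import hashlib, os, struct, tempfile, time

SEED_LEN = 32  # bytes of saved RNG state (assumed size)

def _atomic_write(path, data):
    # Temp file + fsync + rename: a power cut never leaves a torn state file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def _read_exact(path, size):
    # Missing or wrong-sized files count as "no saved state".
    try:
        with open(path, "rb") as f:
            data = f.read()
    except FileNotFoundError:
        return None
    return data if len(data) == size else None

def checkpoint(state_dir, clock=time.time, fresh=os.urandom):
    """Call at startup and again at clean shutdown.

    Returns (mix_in, floor, went_backwards): bytes to feed the RNG, the
    non-decreasing timestamp, and whether the clock was behind the saved one.
    """
    seed_path = os.path.join(state_dir, "seed")        # hypothetical file names
    time_path = os.path.join(state_dir, "time_floor")
    old_seed = _read_exact(seed_path, SEED_LEN) or b""
    raw = _read_exact(time_path, 8)
    saved = struct.unpack(">d", raw)[0] if raw else 0.0
    now = clock()
    floor = max(now, saved)          # time never steps back across reboots
    stamp = struct.pack(">d", floor)
    material = old_seed + fresh(SEED_LEN) + stamp
    # Domain-separated hashes: the value used now is never the value on disk.
    mix_in = hashlib.sha256(b"mix" + material).digest()
    next_seed = hashlib.sha256(b"next" + material).digest()
    # Replace the seed before returning, so a crash cannot replay old_seed.
    _atomic_write(seed_path, next_seed)
    _atomic_write(time_path, stamp)
    return mix_in, floor, now < saved
```

A `went_backwards` result of `True` means the clock reads earlier than the last checkpoint, which is worth logging before the clock is trusted for anything.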

