[Cryptography] Apple's Early Random PRNG

tytso at mit.edu tytso at mit.edu
Mon Mar 17 01:43:37 EDT 2014

On Sun, Mar 16, 2014 at 09:14:55PM -0700, Bear wrote:
> The idea that you need random output early in the bootup sequence 
> is just plain wrong.  Even if you want to download a boot image 
> over the network securely, you can darn well start the process by 
> booting something else and gathering entropy for a minute before 
> you open network connections. 

ASLR of the kernel during early boot.  Sure, you could boot the
kernel, gather enough entropy, and then kexec boot again with a
fully-seeded RNG to do ASLR of the kernel text segment, but that gets

					- Ted

More information about the cryptography mailing list