[Cryptography] Apple's Early Random PRNG
tytso at mit.edu
Mon Mar 17 01:43:37 EDT 2014
On Sun, Mar 16, 2014 at 09:14:55PM -0700, Bear wrote:
>
> The idea that you need random output early in the bootup sequence
> is just plain wrong. Even if you want to download a boot image
> over the network securely, you can darn well start the process by
> booting something else and gathering entropy for a minute before
> you open network connections.

ASLR of the kernel during early boot. Sure, you could boot the
kernel, gather enough entropy, and then kexec boot again with a
fully-seeded RNG to do ASLR of the kernel text segment, but that gets
painful....
- Ted