[Cryptography] OpenSSL and random

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Dec 4 21:14:46 EST 2016


Jason Cooper <cryptography at lakedaemon.net> writes:

>It's worth noting here that this will work for individual users with a simple
>threat model.  However, this is *not* an acceptable solution for an OS to
>ship.

Oh, I wasn't intending it for that use, my interest was SCADA/embedded,
devices that are notoriously short of entropy.  So you have a per-device
unique value (MAC address) and varying value (IP address or time) to ensure
that you get unique keys per device, and if you recreate the keys you get
different ones each time.  That's also why it used very low-level information
rather than kernel stats, routing info, network statistics, and so on - there
won't be any.

Random number generation is very situation-specific.  In this case you know
that the attackers don't have physical access, are unlikely to get remote
access (the devices are typically running a custom RTOS, there's not much to
attack and even if you can find a vuln, it's quite hard to exploit since
there's no room for anything but the RTOS in memory), and the manufacturer
controls the fixed secret.

Peter.
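As an added illustration (not the author's or OpenSSL's code), the derivation the post describes: the manufacturer's fixed secret keys an HMAC over a per-device unique value (MAC address) and a varying value (here a timestamp), so each device gets a distinct seed and re-keying later yields a different one. Field names, the length-prefixed encoding, the `expand` stretch step and the sample secret, MACs and timestamp are all constructed for the example; `extra_entropy` is a hypothetical hook for whatever hardware noise the RTOS can supply. Everything rests on the fixed secret staying secret, since the MAC and time are not.

```python
"""Deterministic per-device seed derivation (added example, not from the post).
Inputs: manufacturer secret (fixed), MAC address (per-device), varying value
(time or address). Uses HMAC-SHA256 from the standard library only."""
import hashlib
import hmac
import struct

# Constructed sample values; a real deployment would never hard-code these.
SAMPLE_SECRET = b"constructed-manufacturer-secret-do-not-reuse"
SAMPLE_MACS = {
    "device_a": bytes.fromhex("001122334455"),
    "device_b": bytes.fromhex("001122334456"),  # differs in the last byte only
}
SAMPLE_TIME = 1480889686  # constructed Unix timestamp


def _encode(fields):
    """Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") hash differently."""
    out = b""
    for f in fields:
        out += struct.pack(">I", len(f)) + f
    return out


def derive_seed(fixed_secret: bytes, device_id: bytes, varying: bytes,
                extra_entropy: bytes = b"", label: bytes = b"rng-seed-v1") -> bytes:
    """32-byte seed = HMAC-SHA256(secret, label || device_id || varying || extra).

    Keying with the secret means the seed cannot be recomputed from the
    public inputs (MAC, time) alone; extra_entropy is a hypothetical hook for
    any hardware noise the device can gather (default: none, as in the post)."""
    msg = _encode([label, device_id, varying, extra_entropy])
    return hmac.new(fixed_secret, msg, hashlib.sha256).digest()


def expand(seed: bytes, nbytes: int, info: bytes = b"") -> bytes:
    """HKDF-Expand style counter-mode HMAC: stretch the seed into key material.

    Distinct `info` labels give independent keys from the same seed, so one
    seed can serve e.g. a signing key and an encryption key."""
    out, block, counter = b"", b"", 1
    while len(out) < nbytes:
        block = hmac.new(seed, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:nbytes]


def demo(now: int = SAMPLE_TIME) -> dict:
    """Derive a 16-byte key for two devices, then re-key device_a one second later.

    Returns hex strings keyed by scenario name."""
    varying = struct.pack(">Q", now)
    seeds = {name: derive_seed(SAMPLE_SECRET, mac, varying)
             for name, mac in SAMPLE_MACS.items()}
    # Same device, later time: the varying value changes, so the seed changes.
    seeds["rekey_a"] = derive_seed(SAMPLE_SECRET, SAMPLE_MACS["device_a"],
                                   struct.pack(">Q", now + 1))
    return {name: expand(seed, 16, b"aes-128-key").hex() for name, seed in seeds.items()}


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name}: {key}")
```

Running it shows three different 16-byte keys: the two devices differ because their MACs differ, and `rekey_a` differs from `device_a` because only the varying value moved; repeating the run with the same inputs reproduces the same keys, which is the deterministic property the post relies on.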
