[Cryptography] RNG design principles
Ralf Senderek
crypto at senderek.ie
Tue Nov 29 04:15:33 EST 2016
On Mon, 28 Nov 2016, Jerry Leichter wrote:
>
>> ...Imagine the Linux kernel would provide a new, special
>> file structure that has a property "read-once-and-then-never-again"
>> enforced by kernel code. This file could be read (once) in early boot
>> process and would not be accessible after that first read.
> Hmm. Sounds kind of like a pipe, or a socket. The semantics is mainly already there, just not specifically as a file system.
>
>> To update the secret stored in such a special file structure, there
>> must be a second property "write-once-after-being-read-once" enforced
>> by kernel code to make sure that the secret can only be changed by
>> early boot code once enough entropy has been gathered to safely
>> update the file content (once).
> This could be done through something pipe- or socket-like, too - whatever is listening will only accept one write, then close its side.
>
> -- Jerry
The context in which I brought up this question was the idea
of storing secret information in the file system, in a new
way that ensures this information can be read once (in the
early boot process) and will then disappear reliably for the
rest of the time until the next boot. On the next boot,
the information --- maybe updated with a single write ---
should be visible again (first read i.e. by a deamon that
stores the secret in memory) but will remain inaccessible
even by root code after the first read, because the kernel
enforces this inaccesibility.
I'm sure a pipe or a socket wouldn't help here as they don't
preserve the information across boot processes. It would take
something like a file with a read counter being reset by
starting kernel code. This is a rough estimate, details may
be more complicated, but if we had this, the storage of secrets
would become much easier.
--ralf
More information about the cryptography
mailing list