[Cryptography] RNG design principles

Jerry Leichter leichter at lrw.com
Tue Nov 29 05:33:07 EST 2016


>> Hmm.  Sounds kind of like a pipe, or a socket.  The semantics is mainly already there, just not specifically as a file system.
> The context in which I brought up this question was the idea
> of storing secret information in the file system, in a new
> way that ensures this information can be read once...
Yes, of course.  But the point I was making is that the user side of the semantics is pretty much already there.  You don't need a file with special properties.  You need something like a pipe that gets filled with information obtained from some form of persistent storage not otherwise accessible at all.

Put another way:  Imagine there's a named pipe at a known location accessible during the early boot sequence.  The named pipe *acts as if* it was created by a process that wrote a single initial value to it, then waited for a single return value to be written back, closed the pipe, and exited.  That process would get the initial value from some private-and-accessible-only-to-itself persistent memory, and write the new value back to the same place.

That pipe would have the right semantics.  The conjectural process couldn't be implemented as a normal Unix process because (a) it would have to run too early; (b) the only persistent storage available to a Unix process is the file system; (c) there's no way to have a file accessible to exactly one process.  So you'd have to find a different way to hack that into boot.  But that seems easier than adding a whole new kind of file object to file systems, just to implement this one special file.

BTW, the Mac OS System Integrity Protection - which makes certain parts of the file system accessible only for reading, even to root, except to specifically entitled programs - would, with a minor extension (the ability to make some files inaccessible even for read) get you close to being able to implement what you want using an actual boot-time-started process.  (If I remember right, various access mechanisms in VMS would have made similar restrictions trivial to implement 20+ years ago.)

                                                        -- Jerry
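A runnable sketch of the pipe semantics Jerry describes, added here as an illustration and not part of his post or of any real boot code: a broker thread stands in for the conjectural early-boot process, it alone touches a private store (assumed here to be a 0600 file in a temporary directory), it writes the stored seed into a pipe exactly once, waits for one replacement value on a second pipe, persists that value and closes both ends. The consumer side models an RNG initialisation that reads the seed and immediately hands back a fresh value (assumed: SHA-256 over the old seed plus OS entropy) so the stored seed is never reused on the next boot.

```python
"""Simulation of a read-once boot seed served through pipes (added example).
Assumptions not taken from the post: the private store is a 0600 file under a
temp directory, two anonymous pipes stand in for the named pipe, and the
replacement value is SHA-256(old seed || fresh OS entropy)."""
import hashlib
import os
import secrets
import tempfile
import threading

SEED_BYTES = 32


class SeedBroker(threading.Thread):
    """Stands in for the early-boot process: it alone can reach the persistent
    store, hands the stored seed out exactly once, waits for exactly one
    replacement value, persists it and closes the pipe ends it still holds."""

    def __init__(self, store_path):
        super().__init__(daemon=True)
        self.store_path = store_path
        if not os.path.exists(store_path):
            # first boot: there is no stored seed yet, so create one
            self._write_store(secrets.token_bytes(SEED_BYTES))
        self.out_r, self.out_w = os.pipe()   # broker -> consumer (the seed)
        self.in_r, self.in_w = os.pipe()     # consumer -> broker (replacement)
        self.persisted = None                # replacement actually stored

    def _write_store(self, value):
        # private store: owner-only permissions, rewritten in place
        fd = os.open(self.store_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(value)

    def _read_store(self):
        with open(self.store_path, "rb") as f:
            return f.read()

    def consumer_fds(self):
        """The only handles the rest of the system ever sees."""
        return self.out_r, self.in_w

    def run(self):
        os.write(self.out_w, self._read_store())
        os.close(self.out_w)                 # seed can be read exactly once
        buf = b""
        while len(buf) < SEED_BYTES:         # wait for the single write-back
            chunk = os.read(self.in_r, SEED_BYTES - len(buf))
            if not chunk:
                break                        # consumer closed without writing
            buf += chunk
        os.close(self.in_r)
        if len(buf) == SEED_BYTES:
            self._write_store(buf)
            self.persisted = buf
        # if no replacement arrived, the old seed stays and would be reused


def boot_consumer(read_fd, write_fd):
    """What the RNG initialisation would do: read the seed once, then hand a
    fresh value back so the stored seed never serves a second boot."""
    seed = b""
    while True:
        chunk = os.read(read_fd, SEED_BYTES)
        if not chunk:
            break
        seed += chunk
    os.close(read_fd)
    replacement = hashlib.sha256(
        b"reseed" + seed + secrets.token_bytes(SEED_BYTES)).digest()
    os.write(write_fd, replacement)
    os.close(write_fd)
    return seed, replacement


def simulate_boots(store_path, boots):
    """Run several 'boots' against one store; returns (seed, replacement) pairs."""
    records = []
    for _ in range(boots):
        broker = SeedBroker(store_path)
        broker.start()
        seed, replacement = boot_consumer(*broker.consumer_fds())
        broker.join()
        records.append((seed, replacement))
    return records


def demo(boots=3):
    """Stand-alone driver using a fresh temp directory as the private store."""
    store = os.path.join(tempfile.mkdtemp(), "rng-seed")
    return simulate_boots(store, boots)


if __name__ == "__main__":
    for seed, new in demo():
        print(seed.hex()[:16], "->", new.hex()[:16])
```

Each boot's seed is the previous boot's write-back, and no value is handed out twice. The `break` in `run` is the failure mode worth watching in such a design: if the consumer dies before writing back, the old seed remains in the store and the next boot would see it again, so a real implementation would need to decide what to persist in that case.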