[Cryptography] RNG design principles
Jerry Leichter
leichter at lrw.com
Tue Nov 29 05:33:07 EST 2016
>> Hmm. Sounds kind of like a pipe, or a socket. The semantics is mainly already there, just not specifically as a file system.
> The context in which I brought up this question was the idea
> of storing secret information in the file system, in a new
> way that ensures this information can be read once...
Yes, of course. But the point I was making is that the user side of the semantics is pretty much already there. You don't need a file with special properties. You need something like a pipe that gets filled with information obtained from some form of persistent storage not otherwise accessible at all.
Put another way: Imagine there's a named pipe at a known location accessible during the early boot sequence. The named pipe *acts as if* it was created by a process that wrote a single initial value to it, then waited for a single return value to be written back, closed the pipe, and exited. That process would get the initial value from some private-and-accessible-only-to-itself persistent memory, and write the new value back to the same place.
That pipe would have the right semantics. The conjectural process couldn't be implemented as a normal Unix process because (a) it would have to run too early; (b) the only persistent storage available to a Unix process is the file system; (c) there's no way to have a file accessible to exactly one process. So you'd have to find a different way to hack that into boot. But that seems easier than adding a whole new kind of file object to file systems, just to implement this one special file.
BTW, the Mac OS System Integrity Protection - which makes certain parts of the file system accessible only for reading, even to root, except to specifically entitled programs - would, with a minor extension (the ability to make some files inaccessible even for read) get you close to being able to implement what you want using an actual boot-time-started process. (If I remember right, various access mechanisms in VMS would have made similar restrictions trivial to implement 20+ years ago.)
-- Jerry
More information about the cryptography
mailing list