[Cryptography] RNG design principles

Ralf Senderek crypto at senderek.ie
Tue Nov 29 06:53:22 EST 2016



On Tue, 29 Nov 2016, Jerry Leichter wrote:

> The conjectural process couldn't be implemented as a
> normal Unix process because  [...]
>
> So you'd have to find a different way to hack that into boot.
> But that seems easier than adding a whole new kind of file object
> to file systems, just to implement this one special file.

BTW, my humble hack, using the ordinary file system to implement
the desired behaviour, can be found here:

   https://crypto-bone.com/release/root/init.d/cryptoboned
   https://crypto-bone.com/release/root/src/cryptoboned.c

And I'd really like to replace this with a proper kernel-enforced
use of a secure read-once file. That's why I'm interested to
know if such a thing could be implemented (with the prospect of
becoming a reality).


      --ralf

