[Cryptography] OpenSSL CSPRNG work

Michael Kjörling michael at kjorling.se
Sat Jul 1 17:32:50 EDT 2017


On 28 Jun 2017 17:03 -0700, from ron at flownet.com (Ron Garret):
> Having an attacker insert a back door into a /dev/urandom driver is
> not an unreasonable threat model for some people.

Another way of putting this would probably be:

"Having an attacker insert a back door into an operating system
kernel is not an unreasonable threat model for some people."

That might be true, particularly for some values of "some people".

(Yes, there are ways that might work to backdoor /dev/urandom that
don't involve fiddling with the kernel. But unless you are horribly
incompetent, all of those should still require either root privileges
on the system in question, or physical access. In both of those cases,
if someone really _wants_ to mess with you, you are pretty much
screwed _anyway_, with or without OpenSSL.)

But is that really a threat that OpenSSL should try to defend against?
Is it even something that OpenSSL meaningfully _can_ defend against?

If you can't even trust the operating system kernel, then why should
you trust OpenSSL running on top of that kernel? Why should you trust
_anything_ running on top of that kernel?

If your threat model legitimately includes people messing with the
random number generator in the kernel in order to exfiltrate data,
then maybe you shouldn't be running security-critical stuff on
$2/month OpenVZ VPSes...

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)