Re: Problem with random.c and PPC

Oliver Xymoron (oxymoron@waste.org)
Fri, 16 Aug 2002 19:29:29 -0500


On Fri, Aug 16, 2002 at 04:52:49PM -0400, Chris Friesen wrote:
> Oliver Xymoron wrote:
>
> > There is little to no reliably unpredictable data in network
> > interrupts and the current scheme does not include for the mixing of
> > untrusted sources. It's very likely that an attacker can measure,
> > model, and control such timings down to the resolution of the PCI bus
> > clock on a quiescent system. This is more than good enough to defeat
> > entropy generation on systems without a TSC and given that the bus
> > clock is a multiple of the processor clock, it's likely possible to
> > extend this to TSC-based systems as well.
>
> > Entropy accounting is very fickle - if you overestimate _at all_, your
> > secret state becomes theoretically predictable. I have some patches
> > that create an API for adding such hard to predict but potentially
> > observable data to the entropy pool without accounting it as actual
> > entropy, as well as cleaning up some other major accounting errors but
> > I'm not quite done testing them.
>
> The problem is this. If you have an embedded system that is
> headless, diskless, keyboardless, and mouseless, then your only
> remaining source of any interrupt-based entropy is the network.
> Also, if you add entropy to the pool without accounting it as
> entropy, then how does that help anything?

Yes, you _potentially_ improve the unpredictability of /dev/urandom
without throwing out the guarantees of /dev/random. There is exactly
one difference between urandom and random - guaranteed entropy (ignore
for the moment that it's currently completely buggered, I'm fixing
that.). If you need guaranteed entropy, then you _need_ an
unobservable entropy source. Period. Pretending network interrupts are
unpredictable is just pretending.

> For the general user, network-based interrupts are likely okay.

If that's really true, then /dev/urandom is okay too, _by
definition_. Use it.

-- 
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.." 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/