[147736] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.
Fri Oct 18 19:36:48 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 18 Oct 2013 16:02:21 -0700
From: John Denker <jsd@av8n.com>
To: cryptography@metzdowd.com
In-Reply-To: <1382128394.16207.38.camel@heisenberg.scientia.net>
On 10/18/2013 01:33 PM, Christoph Anton Mitterer quoted me as saying:
>>> Blocking /dev/urandom is a bad idea.
Could we please quote a little more of the context?
What I actually said on 10/18/2013 11:54 AM was:
>> Blocking /dev/urandom is a bad idea. Providing a good seed is the key.
On 10/18/2013 01:33 PM, Christoph Anton Mitterer continued:
> Why? If the system is correctly set up, a good seed should be loaded and
> no problem will arise.
> If not, it's better to have failing programs or even a completely broken
> system, than one that does insecure things.
1) As to the question of "why", here are some partial answers:

a) If it doesn't block, it might not be secure. If it does block, it won't get used. Application developers will roll their own PRNGs, which leaves us in some ways worse off and in no ways better off.

b) I've built plenty of systems where the only way in is via SSH. If necessary, I can set up a one-foot-long network air-gapped from the rest of the world, and SSH in that way ... so long as the thing is not blocking.

2) Remember what I said originally: Providing a good seed is the key. If you provide a good seed, it doesn't need to block.

3) You can run turbid, so there is always lots of entropy available, more than enough for reseeding your PRNGs.

4) In this business there is a proverb: If you ask whether the system is "secure", the answer is no. If you want any other answer, you need to specify your threat model in some detail, and then decide how much risk you can tolerate, and what kind(s) of risk.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
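The "provide a good seed" point above, as an added illustration that is not part of the thread or of any of the projects mentioned: a sketch of how a seed file can be carried across boots so that the value on disk is replaced before the old one is consumed. The file path, the 64-byte seed size and the SHA-512 domain tags are assumptions for the example; actually feeding the material into the kernel pool is not shown.

```python
"""Seed-file rotation sketch (example code, not from the thread).

The on-disk seed is replaced *before* the derived material is used, so a
crash between reading and writing cannot replay the same seed. A VM
snapshot restore rolls the disk back anyway, so for that case the fresh
input mixed in on each boot is what keeps the two boots apart."""
import hashlib
import os
import secrets
import tempfile
import time
from typing import List, Optional, Tuple

SEED_BYTES = 64  # assumed size of the persisted seed, not a kernel constant


def mix_seed(stored: bytes, fresh: bytes, counter: int) -> Tuple[bytes, bytes]:
    """Derive (next_seed_for_disk, material_to_feed) from the stored seed,
    fresh input (hardware RNG, OS RNG, etc.) and a per-rotation counter.
    The two outputs use separate domain tags, so the value left on disk
    neither equals nor reveals what was fed into the pool."""
    core = hashlib.sha512(stored + fresh + counter.to_bytes(8, "big")).digest()
    next_seed = hashlib.sha512(b"seed-store|" + core).digest()
    feed = hashlib.sha512(b"seed-feed|" + core).digest()
    return next_seed, feed


def rotate_seed_file(path: str, fresh: Optional[bytes] = None) -> bytes:
    """Read the seed file, atomically write its successor, then return the
    material to feed. A missing file means this boot relies on `fresh` alone."""
    if fresh is None:
        fresh = secrets.token_bytes(SEED_BYTES)  # OS RNG as the fresh input
    try:
        with open(path, "rb") as f:
            stored = f.read()
    except FileNotFoundError:
        stored = b""
    next_seed, feed = mix_seed(stored, fresh, time.time_ns())
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(next_seed)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # new seed is durable before `feed` is handed out
    return feed


def simulate_boots(fresh_inputs: List[bytes], path: Optional[str] = None) -> List[bytes]:
    """Run one rotation per boot against a scratch seed file (constructed
    scenario) and return the material each boot would have fed."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "seed")
    return [rotate_seed_file(path, fresh) for fresh in fresh_inputs]
```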