[147752] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.
daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Oct 19 16:46:40 2013
Date: Sun, 20 Oct 2013 06:37:14 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <5262B7EA.7050300@av8n.com>
Reply-To: jamesd@echeque.com
On 2013-10-20 02:48, John Denker wrote:
> Uhhh, that's the answer to a different question. We agree that the
> amount of available entropy is "small". My point is that it is too small.
It is too small for a short period after boot-up.
This is causing problems, in that we see significant key duplication
and common factors.
And, after that short period, forever afterwards, ample.
Any system that needs crypto, communicates. Any system that
communicates, sees events whose details are difficult to predict for
anyone not in physical possession of the system.
Solution: Block for a short period after startup. Possibly a small
number of systems will freeze up and fail to boot. This is almost
always fixable by moving the blocking process in the bootup so that it
no longer blocks other processes while it is blocked waiting for
/dev/urandom, while /dev/urandom is blocked waiting for entropy.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
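The proposal in the message above, "block for a short period after startup" inside the one process that needs keys rather than in the boot path, is shown below as an added example; it is not code from the original message or from any project discussed on the list. It assumes a Linux host where getrandom(2) is reachable through Python's os.getrandom(): a call with GRND_NONBLOCK fails with EAGAIN while the kernel pool is still unseeded instead of blocking, which gives a cheap probe to poll. The names kernel_rng_seeded, wait_until_seeded, make_host_secret and RngNotSeeded are this example's own, and the treatment of platforms without os.getrandom() as "always seeded" is a labelled assumption to adjust for your target.

```python
"""Wait for the kernel CSPRNG to be seeded before generating long-lived keys.

Added example, not code from the original message. Assumes Linux with
getrandom(2) exposed as os.getrandom(); all function and class names are
this example's own.
"""
import errno
import os
import secrets
import time
from typing import Callable


def kernel_rng_seeded() -> bool:
    """Probe whether the kernel's random pool is initialised.

    getrandom() with GRND_NONBLOCK returns EAGAIN (BlockingIOError in Python)
    instead of blocking while the pool is unseeded. One byte is enough for
    the probe; the byte itself is discarded.
    """
    if not hasattr(os, "getrandom"):
        # Assumption: platforms without getrandom() are treated as seeded.
        # Replace this with a platform-specific check if that is not true
        # for your target.
        return True
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False
    except OSError as exc:
        if exc.errno == errno.EAGAIN:
            return False
        raise


def wait_until_seeded(probe: Callable[[], bool] = kernel_rng_seeded,
                      timeout: float = 30.0,
                      initial_delay: float = 0.05) -> tuple[bool, int]:
    """Poll `probe` with capped exponential backoff until it reports True.

    Returns (seeded, attempts). The blocking happens here, in the service
    that needs key material, so the rest of boot is not held up by it.
    """
    deadline = time.monotonic() + timeout
    delay = initial_delay
    attempts = 0
    while True:
        attempts += 1
        if probe():
            return True, attempts
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False, attempts
        time.sleep(min(delay, remaining))
        delay = min(delay * 2, 1.0)


class RngNotSeeded(RuntimeError):
    """Raised when the pool never became ready within the timeout."""


def make_host_secret(nbytes: int = 32, timeout: float = 30.0,
                     probe: Callable[[], bool] = kernel_rng_seeded) -> bytes:
    """Generate key material only once the pool is seeded.

    Failing loudly is preferable to quietly deriving a key from an unseeded
    pool, which is how duplicate keys and shared factors come about.
    """
    seeded, attempts = wait_until_seeded(probe, timeout)
    if not seeded:
        raise RngNotSeeded(
            f"kernel RNG still unseeded after {attempts} probe(s); "
            "refusing to generate a key")
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    ready, n = wait_until_seeded(timeout=5.0)
    print(f"seeded={ready} after {n} probe(s)")
    if ready:
        print(f"generated {len(make_host_secret())} bytes of key material")
```

The probe is injectable so the wait logic can be exercised without an unseeded machine; in production the default probe is the real getrandom() check, and the timeout is the place to decide between "wait longer" and "refuse and alert" for a headless box that truly has no entropy source yet.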