[148022] in cryptography@c2.net mail archive


Re: [Cryptography] randomness +- entropy

daemon@ATHENA.MIT.EDU (Albert Lunde)
Tue Nov 5 12:26:39 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 05 Nov 2013 06:45:09 -0600
From: Albert Lunde <atlunde@panix.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <20131105011629.GC26249@thunk.org>
Cc: RNG mlist <rng@lists.bitrot.info>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 11/4/2013 7:16 PM, Theodore Ts'o wrote:
> On Mon, Nov 04, 2013 at 12:21:00PM -0700, John Denker wrote:
> One of the reasons why we don't attempt to extract "true random bits"
> and save them across a reboot is that even if we had such bits that were
> secure even if the underlying crypto primitives were compromised to a
> fare-thee-well, once you write them to the file on the hard drive and
> the OS gets shut down, there's no guarantee that an adversary might
> not be able to read the bits while the OS is shut down.

This seems to be a misplaced threat model. Once an adversary has 
physical access to a device sufficient to read a stored random seed, 
they have other ways to compromise the system.

There may be no one-size-fits-all answer. Providing means to manage a 
random seed across reboots or provision it for a VM from a hypervisor 
seem like they could help important corner cases.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
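Added example, not part of the thread above or of any project's code: the seed-file hand-off that the last paragraph has in mind. The seed is mixed into the running pool as uncredited input (on Linux, a plain write to /dev/urandom mixes bytes in without crediting entropy; crediting needs the RNDADDENTROPY ioctl), and the file is overwritten with fresh output before anything else runs, so a reboot or a cloned VM image never starts from the same bytes twice. The seed size, the path and the pool-mixing callable are assumptions chosen for illustration.

```python
import os
import tempfile

# 512 bytes is a size commonly used by seed-file tooling; assumption, not a requirement.
SEED_BYTES = 512


def mix_into_linux_pool(data):
    """Mix bytes into the kernel pool without crediting entropy.

    Writing to /dev/urandom is unprivileged and never makes the pool
    worse; if the file was read while the OS was shut down, the
    attacker learns nothing more than they already had.  Crediting
    entropy would need the RNDADDENTROPY ioctl as root (assumption:
    Linux semantics).
    """
    with open("/dev/urandom", "wb") as pool:
        pool.write(data)


def write_seed_file(path, seed):
    """Atomically replace the seed file, readable by its owner only."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(fd, 0o600)           # umask-proof: never world readable
        f.write(seed)
        f.flush()
        os.fsync(f.fileno())           # must hit disk before the rename
    os.replace(tmp, path)


def load_and_rotate_seed(path, mix_into_pool=mix_into_linux_pool, fresh=os.urandom):
    """Boot-time step: feed the saved seed to the pool, then rotate it.

    Returns (old_seed, new_seed).  The new seed is written before
    returning, so a crash or a snapshot taken after this point cannot
    lead to the old bytes being reused.  ``fresh`` is injectable so the
    routine can be exercised offline.
    """
    try:
        with open(path, "rb") as f:
            old = f.read()
    except FileNotFoundError:
        old = b""                       # first boot: nothing to mix in
    if old:
        mix_into_pool(old)
    new = fresh(SEED_BYTES)
    write_seed_file(path, new)
    return old, new


if __name__ == "__main__":
    # Constructed demo path; a real deployment would use something like
    # /var/lib/random-seed (assumption) and run this before services start.
    demo = os.path.join(tempfile.mkdtemp(), "random-seed")
    for boot in (1, 2):
        old, new = load_and_rotate_seed(demo)
        print("boot %d: mixed %d bytes, wrote %d fresh bytes" % (boot, len(old), len(new)))
```

The same shape covers the hypervisor case in the message: a VM image shipped with a seed file gets that seed mixed in and rotated on first boot, so two clones of the image diverge as soon as the host's own randomness (here os.urandom) is available, instead of both trusting the shipped bytes as their only source.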
