X-Original-To: cryptography@metzdowd.com
Date: Wed, 06 Nov 2013 23:16:13 -0700
From: John Denker <jsd@av8n.com>
To: Jerry Leichter <leichter@lrw.com>, Cryptography <cryptography@metzdowd.com>, RNG mlist <rng@lists.bitrot.info>
In-Reply-To: <96CE28AA-8C5A-4FF4-B9A5-4419B20E1B4B@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 11/06/2013 09:16 PM, Jerry Leichter wrote:

> I can think of one simple example: A CD Linux image
> used precisely to conduct operations we want to keep secure. For
> example, there's a suggestion that small businesses use exactly such
> a thing to do their on-line banking, as their usual systems are way
> too vulnerable to various kinds of malware (and small businesses have
> been subject to attacks that bankrupted them). The CD itself can't
> carry a seed, as it will be re-used repeatedly. It has to come up
> quickly, and on pretty much any hardware, to be useful. You could
> probably get something like Turbid in there - but there are plenty of
> CD's around already that have little if anything.

That's too contrived to hold my interest. Here's why:

In most cases, the best advice is this: If you feel the urge to use
read-only media and nothing else, lie down until the feeling goes away.

In the vast majority of cases, anything the small business owner
could do with a "Live CD" could be done more conveniently – and
much more securely – using a USB flash drive. You can still boot
from a read-only partition if you choose, while still having a
read/write partition for storing seeds and other stuff that should
persist from one boot to the next.

You should also consider running a “host” system that in turn boots
a “guest” system in snapshot mode. The guest system has all the
convenience of a read/write filesystem, together with the security
of knowing that the image goes back to its previous state on the
next reboot. (The host provides the randomness needed for seeding
the PRNG and for other purposes.)

A further advantage is that the guest can be booted in non-snapshot
mode on special occasions, for instance to install high-priority
security-related software updates. That’s tough to do on read-only
media.

This assumes the Bad Guys have not already pwned the signing keys used
to distribute updates........

Compared to trying to solve the problem within the constraints of a
CD-only approach, the flash and/or VM solutions seem easier and
in every way better.

====

I just now incorporated this point into my screed:
http://www.av8n.com/computer/htm/secure-random.htm#sec-not-read-only

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
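
The difference between a seed on read-only media and a seed on a read/write partition, as an added example that is not part of the original post or of any project it mentions. The `boot` and `simulate` functions, the SHA-256 derivation and the sample seed are assumptions made for illustration; the simulation models the worst case where the hardware offers no fresh entropy at boot.

```python
import hashlib
import os
import tempfile

def boot(seed_path, writable, fresh=b""):
    """Simulate one boot: return the PRNG seed derived from the stored seed.

    fresh is whatever entropy the hardware offers at boot; b"" models a
    machine with nothing unpredictable available early on.
    """
    with open(seed_path, "rb") as f:
        stored = f.read()
    # Derive two independent values from the stored seed plus fresh input.
    prng_seed = hashlib.sha256(b"use" + stored + fresh).digest()
    next_seed = hashlib.sha256(b"next" + stored + fresh).digest()
    if writable:
        # Replace the stored seed before the PRNG seed is used, so a crash
        # or power cut cannot lead to the same seed being used twice.
        tmp = seed_path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(next_seed)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, seed_path)
    return prng_seed

def simulate(writable, boots=3):
    """Boot several times from one seed file with no fresh entropy."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "random-seed")
        with open(path, "wb") as f:
            # Constructed sample seed, standing in for one installed once.
            f.write(b"constructed sample seed, installed once")
        return [boot(path, writable) for _ in range(boots)]

if __name__ == "__main__":
    cases = (("read-only media", False), ("read/write partition", True))
    for label, writable in cases:
        seeds = simulate(writable)
        print(label, "- distinct seeds:", len(set(seeds)), "of", len(seeds))
```

With the seed file frozen, every boot derives the same PRNG seed; with a writable seed file, each boot consumes the old seed and leaves a new one behind.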