[148069] in cryptography@c2.net mail archive
[Cryptography] suggestions for very very early initialization of
daemon@ATHENA.MIT.EDU (John Denker)
Thu Nov 7 01:16:57 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 06 Nov 2013 23:16:13 -0700
From: John Denker <jsd@av8n.com>
To: Jerry Leichter <leichter@lrw.com>,
Cryptography <cryptography@metzdowd.com>, RNG mlist <rng@lists.bitrot.info>
In-Reply-To: <96CE28AA-8C5A-4FF4-B9A5-4419B20E1B4B@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 11/06/2013 09:16 PM, Jerry Leichter wrote:
> =
> I can think of one simple example: A CD Linux image
> used precisely to conduct operations we want to keep secure. For
> example, there's a suggestion that small businesses use exactly such
> a thing to do their on-line banking, as their usual systems are way
> too vulnerable to various kinds of malware (and small businesses have
> been subject to attacks that bankrupted them). The CD itself can't
> carry a seed, as it will be re-used repeatedly. It has to come up
> quickly, and on pretty much any hardware, to be useful. You could
> probably get something like Turbid in there - but there are plenty of
> CD's around already that have little if anything.
That's too contrived to hold my interest. Here's why:
In most cases, the best advice is this:
If you feel the urge to use
read-only media and nothing else,
lie down until the feeling goes away. =
In the vast majority of cases, anything the small business owner
could do with a "Live CD" could be done more conveniently =96 and =
much more securely =96 using a USB flash drive. You can still boot =
from a read-only partition if you choose, while still having a =
read/write partition for storing seeds and other stuff that should =
persist from one boot to the next.
You should also consider running a =93host=94 system that in turn boots =
a =93guest=94 system in snapshot mode. The guest system has all the =
convenience of a read/write filesystem, together with the security =
of knowing that the image goes back to its previous state on the =
next reboot. (The host provides the randomness needed for seeding =
the PRNG and for other purposes.)
A further advantage is that the guest can be booted in non-snapshot =
mode on special occasions, for instance to install high-priority =
security-related software updates. That=92s tough to do on read-only =
media.
This assumes the Bad Guys have not already pwned
the signing keys used to distribute updates........
Compared to trying to solve the problem within the constraints of
a CD-only approach, the flash and/or VM solutions seem easier and =
in every way better.
=3D=3D=3D=3D
I just now incorporated this point into my screed:
http://www.av8n.com/computer/htm/secure-random.htm#sec-not-read-only
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography