[149297] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (John Gilmore)
Sun Feb 2 16:03:29 2014
X-Original-To: cryptography@metzdowd.com
To: Jerry Leichter <leichter@lrw.com>
In-reply-to: <EE35F422-34A6-45AD-8915-A25F1B8FDA91@lrw.com>
Date: Sun, 02 Feb 2014 19:34:47 -0800
From: John Gilmore <gnu@toad.com>
Cc: Bill Stewart <bill.stewart@pobox.com>, cryptography@metzdowd.com, "James A. Donald" <Jamesd@echeque.com>
So, if an attacker running malware in a hypervisor (or SMM) knew you
were depending on disk drive timings for the random numbers that
create your encryption keys, how easily could they attack you by
rigidizing those interrupt timings, e.g. delaying your virtual machine
interrupts to the next even 1/60th of a second?
How much easier would this be if they could read the source code for
your "extract entropy from disk drive timings" code, and even adapt
their malware's behavior to various versions of that widely deployed code?
John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
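To make the risk in John's question concrete from the defender's side, here is an added example (not part of the original message or of any list member's code) that models a disk-interrupt timing source, models the "delay every interrupt to the next 1/60 s tick" behaviour he describes, and runs a most-common-value min-entropy estimate in the style of NIST SP 800-90B over the resulting gaps. The timestamps, jitter parameters and the 4 bits/sample health threshold are constructed assumptions for illustration; the point is that a daemon which health-tests its timing stream notices the collapse before crediting entropy from it.

```python
"""Shows how aligning interrupt delivery to a fixed period collapses the
entropy of a disk-timing source, and how a simple health test on the timing
stream detects that collapse.  Added example; constructed inputs throughout."""
import math
import random
from collections import Counter

TICK_US = 1_000_000 // 60  # 1/60 s in microseconds (16_666 us)


def constructed_disk_timestamps(n, mean_gap_us=8000.0, jitter_us=300.0, seed=1):
    """Constructed sample: absolute completion timestamps (microseconds) of n
    disk interrupts whose inter-arrival gap carries Gaussian jitter.  The
    parameters are assumptions, not measurements of any real drive."""
    rng = random.Random(seed)
    t = 0.0
    out = []
    for _ in range(n):
        t += rng.gauss(mean_gap_us, jitter_us)
        out.append(t)
    return out


def delay_to_tick(timestamps_us, period_us=TICK_US):
    """Model of the behaviour asked about in the message: each interrupt is
    held back until the next multiple of period_us, so several interrupts can
    be delivered in the same tick."""
    return [math.ceil(t / period_us) * period_us for t in timestamps_us]


def timing_deltas(timestamps_us):
    """What a typical extractor samples: integer inter-interrupt gaps."""
    return [int(round(b - a)) for a, b in zip(timestamps_us, timestamps_us[1:])]


def mcv_min_entropy(samples):
    """Most-common-value min-entropy estimate in bits per sample, in the style
    of SP 800-90B section 6.3.1: upper-bound the most frequent value's
    probability with a 99% confidence interval, then H = -log2(p_u)."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)


def timing_source_healthy(timestamps_us, min_bits_per_sample=4.0):
    """Health test a daemon could run before crediting entropy from the
    source.  The threshold is an assumed policy value for this example."""
    return mcv_min_entropy(timing_deltas(timestamps_us)) >= min_bits_per_sample


if __name__ == "__main__":
    raw = constructed_disk_timestamps(20000)
    rigid = delay_to_tick(raw)
    for label, ts in (("raw", raw), ("rigidized", rigid)):
        bits = mcv_min_entropy(timing_deltas(ts))
        print(f"{label:9s}: {bits:.2f} bits/sample, healthy={timing_source_healthy(ts)}")
```

With the constructed parameters the raw gaps estimate at roughly 8 bits per sample, while after tick alignment the gaps take only two values (0 and one tick) and the estimate falls below 1 bit, so the health test refuses to credit the source. The estimator only sees the symptom; what it cannot tell a daemon is whether the tick alignment is a virtualization artifact or deliberate, which is why a pool should never depend on a single timing source.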