[24647] in cryptography@c2.net mail archive
Re: Linux RNG paper
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu May 4 14:03:08 2006
X-Original-To: cryptography@metzdowd.com
Date: Thu, 4 May 2006 13:06:38 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: markus reichelt <ml@mareichelt.de>
Cc: cryptography@metzdowd.com
In-Reply-To: <20060504161409.GE3875@dantooine>
On Thu, 04 May 2006 18:14:09 +0200, markus reichelt <ml@mareichelt.de>
wrote:
> * "Travis H." <solinym@gmail.com> wrote:
>
> > 1) In the paper, he mentions that the state file could be altered
> > by an attacker, and then he'd know the state when it first came up.
> > Of course, if he could do that, he could simply install a trojan in
> > the OS itself, so this is not really that much of a concern. If
> > your hard drives might be altered by malicious parties, you should
> > be using some kind of cryptographic integrity check on the contents
> > before using them. This often comes for free when encrypting the
> > contents.
>
> Agreed; but regarding unix systems, I know of no crypto
> implementation that does integrity checking. Not just de/encrypt the
> data, but verify that the encrypted data has not been tampered with.
>
See "Space-Efficient Block Storage Integrity", Alina Oprea, Mike Reiter,
Ke Yang, NDSS 2005,
http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/storageint.pdf
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb