On 3/21/06, [EMAIL PROTECTED] (Heyman, Michael) wrote:

>Gutterman, Pinkas, and Reinman have produced a nice as-built-specification and analysis of the Linux random number generator.
>
>From <http://eprint.iacr.org/2006/086.pdf>:
>
>...
>
>“Since randomness is often consumed in a multi-user environment, it makes sense to generalize the BH model to such environments. Ideally, each user should have its own random-number generator, and these generators should be refreshed with different data which is all derived from the entropy sources available to the system (perhaps after going through an additional PRNG). This architecture should prevent denial-of-service attacks, and prevent one user from learning about the randomness used by other users”

One of my pet peeves: The idea that the "user" is the proper atom of
protection in an OS.

My threat model includes different programs run by one (human) user.  If
a Trojan, running as part of my userID, can learn something about the
random numbers harvested by my browser/gpg/ssh etc., then it can start
to attack the keys used by those applications, even if the OS does a
good job of keeping the memory spaces separate and protected.

Cheers - Bill

---------------------------------------------------------------------
Bill Frantz        | The first thing you need   | Periwinkle 
(408)356-8506      | when using a perimeter     | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.    | Los Gatos, CA 95032
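
A toy model of the per-consumer architecture the quoted paragraph describes, added here as an illustration; it is not code from the paper, from the post above, or from the Linux kernel. One root pool is fed with entropy, and each consumer gets its own generator whose seed is derived from that pool keyed by a consumer label. Whether that label is the user id alone or the user id plus the application is exactly the granularity question raised in the reply: with a per-user label, a browser and a gpg process owned by the same user end up on the same seed. The HMAC-SHA256 construction, the label format and all class and function names are my own assumptions, chosen for readability rather than fidelity to any real kernel.

```python
import hashlib
import hmac


class RootPool:
    """System-wide entropy pool (constructed illustration, not the kernel's design).

    Entropy is mixed in with SHA-256; per-consumer seeds are derived with HMAC so
    that seeds for different labels are unrelated even though they share a pool.
    """

    def __init__(self, initial_entropy: bytes) -> None:
        self.state = hashlib.sha256(b"root-pool|" + initial_entropy).digest()

    def mix(self, entropy: bytes) -> None:
        """Fold fresh entropy (e.g. interrupt timings) into the pool state."""
        self.state = hashlib.sha256(self.state + entropy).digest()

    def derive_seed(self, label: bytes) -> bytes:
        """Derive a seed for one consumer; the label decides the isolation boundary."""
        return hmac.new(self.state, b"consumer-seed|" + label, hashlib.sha256).digest()


class ConsumerPRNG:
    """Per-consumer generator: HMAC in counter mode with a ratcheting key.

    The key is replaced after every read, so an attacker who captures the
    generator's state later cannot reconstruct earlier output.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = seed
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        # Ratchet: derive the next key from the old one and discard the old one.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:n]

    def reseed(self, fresh_seed: bytes) -> None:
        """Refresh this consumer with new data derived from the root pool."""
        self.key = hmac.new(self.key, b"reseed|" + fresh_seed, hashlib.sha256).digest()


def consumer_label(uid: int, app: str, per_app: bool) -> bytes:
    """Build the isolation label: per user only, or per (user, application)."""
    if per_app:
        return f"uid={uid}|app={app}".encode()
    return f"uid={uid}".encode()


def seeds_for(pool: RootPool, uid: int, apps: list, per_app: bool) -> dict:
    """Map each application of one user to the seed it would be handed."""
    return {app: pool.derive_seed(consumer_label(uid, app, per_app)) for app in apps}


def shared_seed_count(seeds: dict) -> int:
    """How many applications ended up sharing a seed with another one."""
    values = list(seeds.values())
    return sum(1 for s in values if values.count(s) > 1)


if __name__ == "__main__":
    pool = RootPool(b"constructed boot-time entropy")
    pool.mix(b"constructed interrupt timings")
    apps = ["browser", "gpg", "ssh"]
    per_user = seeds_for(pool, 1000, apps, per_app=False)
    per_app = seeds_for(pool, 1000, apps, per_app=True)
    print("per-user labelling, apps sharing a seed:", shared_seed_count(per_user))
    print("per-app labelling, apps sharing a seed:", shared_seed_count(per_app))
    gpg = ConsumerPRNG(per_app["gpg"])
    print("gpg first 16 bytes:", gpg.read(16).hex())
```

With per-user labels all three applications receive the same seed, so a process running under that user id that learns one generator's state learns them all; with per-application labels the seeds differ, and each generator's ratchet additionally limits what a later state capture reveals.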

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
