On 3/21/06, [EMAIL PROTECTED] (Heyman, Michael) wrote:

> Gutterman, Pinkas, and Reinman have produced a nice as-built-specification and
> analysis of the Linux random number generator.
>
> From <http://eprint.iacr.org/2006/086.pdf>:
>
> ...
>
> "Since randomness is often consumed in a multi-user environment, it makes
> sense to generalize the BH model to such environments. Ideally, each user
> should have its own random-number generator, and these generators should be
> refreshed with different data which is all derived from the entropy sources
> available to the system (perhaps after going through an additional PRNG).
> This architecture should prevent denial-of-service attacks, and prevent one
> user from learning about the randomness used by other users
One of my pet peeves: The idea that the "user" is the proper atom of
protection in an OS. My threat model includes different programs run by one
(human) user. If a Trojan, running as part of my userID, can learn something
about the random numbers harvested by my browser/gpg/ssh etc., then it can
start to attack the keys used by those applications, even if the OS does a
good job of keeping the memory spaces separate and protected.

Cheers - Bill

---------------------------------------------------------------------
Bill Frantz        | The first thing you need   | Periwinkle
(408)356-8506      | when using a perimeter     | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.    | Los Gatos, CA 95032
---------------------------------------------------------------------

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
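An added illustration of the two granularities under discussion (not code from the paper, the Linux kernel, or the poster): a root pool derives an independent child generator per consumer label, so the question of whether two programs share a random stream reduces to whether the label carries only the uid or also the process identity. The HMAC-SHA256 derivation, the hash ratchet, and the `uid`/`pid` labelling are this example's own constructions chosen for clarity, not the Linux design.

```python
import hashlib
import hmac
import os

# Constructed model: one root pool (standing in for the kernel entropy pool),
# child generators keyed off it by a per-consumer label. Knowing one child's
# state does not reveal the root or a sibling's seed (HMAC is one-way in the
# key), which is the property the paper's per-user architecture relies on.

class RootPool:
    """Root entropy state; seeded from os.urandom unless a fixed seed is given."""
    def __init__(self, seed=None):
        self.state = seed if seed is not None else os.urandom(32)

    def derive(self, label: bytes) -> bytes:
        # Child seed bound to the consumer's identity label.
        return hmac.new(self.state, b"child-seed|" + label, hashlib.sha256).digest()

class ChildGenerator:
    """Per-consumer PRNG: forward-secure hash ratchet over its private state."""
    def __init__(self, seed: bytes):
        self._state = seed

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = hmac.new(self._state, b"output", hashlib.sha256).digest()
            # Ratchet so a later state compromise does not expose earlier output.
            self._state = hmac.new(self._state, b"ratchet", hashlib.sha256).digest()
            out += block
        return out[:n]

def consumer_label(uid: int, pid: int, per_process: bool) -> bytes:
    # Per-user granularity (the paper's suggestion) keys only on the uid;
    # per-process granularity (Frantz's threat model) also keys on the process.
    label = f"uid={uid}".encode()
    return label + (f"|pid={pid}".encode() if per_process else b"")

def generators_share_stream(uid, pid_a, pid_b, per_process, seed=b"\x01" * 32):
    """True if two processes under one uid draw the identical output stream."""
    root = RootPool(seed)
    g_a = ChildGenerator(root.derive(consumer_label(uid, pid_a, per_process)))
    g_b = ChildGenerator(root.derive(consumer_label(uid, pid_b, per_process)))
    return g_a.random_bytes(16) == g_b.random_bytes(16)
```

With per-user labels, two programs under the same uid get the same child seed and therefore the same stream; with per-process labels they do not, which is the separation the reply argues for. The labelling only helps if the process identity itself is trustworthy, so it is a model of the policy, not a substitute for OS-level isolation between same-uid processes.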
