On 21/02/12 04:22 AM, Thierry Moreau wrote:
Ben Laurie wrote:

On Sun, Feb 19, 2012 at 05:57:37PM +0000, Ben Laurie wrote:
In any case, I think the design of urandom in Linux is flawed and
should be fixed.

In FreeBSD random (and hence urandom) blocks at startup, but never again.
...
The mental model for authentication key generation operation should
reflect the fact that "it requires the computer to roll dice very
secretly for your protection, but the computer is very poor at this type
of dice rolling -- it may thus take time and/or require you to input
anything on the keyboard/mouse/touchscreen until adequate dice shaking
simulation has been achieved".

If security experts are not prepared to face this fact -- true random
data collection and associated entropy assessment cannot be made
intrinsic to a computer system -- we are not justified in expecting OS
suppliers to provide a magic fix, or software developers to take the
liberty to solve an issue which is seldom stated.


I think I agree. I'd characterise it like this: if you don't care that much, it's good enough. If you care an awful lot, you have to do it yourself anyway. The solutions out there seem aligned with that needs curve.


In this perspective, the root cause for the RSA modulus GCD findings is
the security experts' inability to recognize and follow up the
ever-present challenges of secret random data generation. As such, the
Linux design is seldom at stake.


Yeah. There is an inability on the part of some security people and all the media to accept that some designers have accepted a risk rather than stomp it dead.



iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

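The thread's practical point (Linux urandom never blocks, even before the pool is seeded at early boot, while FreeBSD's random device blocks once at startup, so anyone who "cares an awful lot" has to check for themselves) can be turned into a small userland guard. The following is an added example, not code from any participant in this thread: it probes the kernel CRNG with getrandom(2) in non-blocking mode, reproduces the FreeBSD-style "block once at startup" behaviour in userland, and refuses to mint a long-lived key while the pool is still unseeded. The function names, the 30-second default timeout and the decision to trust the platform CSPRNG where the seeded state cannot be queried are this example's own choices.

```python
"""Added example: refuse to generate long-lived keys until the kernel RNG is seeded.

Linux's /dev/urandom historically never blocks, even before the entropy pool has
been seeded at early boot; FreeBSD's random device blocks once at startup.  This
helper emulates the FreeBSD behaviour in userland on Linux via getrandom(2) in
non-blocking mode, and falls back conservatively on platforms that cannot be asked.
Example code written for this page; not from the thread's participants.
"""
import errno
import os
import time
from typing import Optional

# Linux-only and advisory: the kernel's own running entropy estimate in bits.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def crng_seeded() -> Optional[bool]:
    """True if the kernel CRNG reports it is seeded, False if it is not yet
    seeded, None when the platform offers no way to ask (non-Linux, or a
    Python/kernel without getrandom)."""
    getrandom = getattr(os, "getrandom", None)
    nonblock = getattr(os, "GRND_NONBLOCK", None)
    if getrandom is None or nonblock is None:
        return None
    try:
        getrandom(1, nonblock)  # one byte is enough to probe pool state
        return True
    except BlockingIOError:  # EAGAIN: pool not yet initialised
        return False
    except OSError as exc:
        if exc.errno == errno.ENOSYS:  # kernel predates the syscall
            return None
        raise


def entropy_estimate() -> Optional[int]:
    """Kernel entropy estimate in bits, or None when unavailable.  Informational
    only: on modern kernels the seeded flag above is the authoritative signal."""
    try:
        with open(ENTROPY_AVAIL) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def wait_until_seeded(timeout: float, poll: float = 0.1) -> bool:
    """Block, as FreeBSD does at startup, until the CRNG is seeded or the timeout
    elapses.  Returns True when seeded (or when the state cannot be queried, in
    which case we trust the platform CSPRNG), False on timeout."""
    deadline = time.monotonic() + timeout
    while True:
        state = crng_seeded()
        if state is None or state:
            return True
        if time.monotonic() >= deadline:
            return False
        time.sleep(poll)


def generate_key(nbytes: int = 32, timeout: float = 30.0) -> bytes:
    """Mint a secret key only after the seeded check passes; raise rather than
    silently return bytes drawn from an unseeded pool."""
    if nbytes <= 0:
        raise ValueError("nbytes must be positive")
    if not wait_until_seeded(timeout):
        raise RuntimeError(
            "kernel RNG not seeded after %.1fs; refusing to generate key" % timeout
        )
    return os.urandom(nbytes)


if __name__ == "__main__":
    print("seeded:", crng_seeded(), "entropy_avail:", entropy_estimate())
    print("key:", generate_key().hex())
</```

Run it at service start (or in an early-boot unit) before any keygen step; on a freshly provisioned VM or embedded board without a hardware RNG it will wait instead of quietly producing the kind of correlated keys the RSA GCD findings in this thread turned up.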