Jeroen C. van Gelderen wrote:
> Dan Moschuk wrote:
> >
> > I don't see how. If the attacker has physical access to the machine, there
> > are plenty worse things to be done than just reading the state of a PRNG.
> >
> > If the random device is initialized in single user mode, and the file is
> > then unlink()ed, I don't see any problems with that.
>
> You generate a new PGP keypair and start using it. Your
> co-worker reboots your machine afterwards and recovers
> the PRNG state that happens to be stashed on disk. He
> can then backtrack and potentially recover the exact same
> random numbers that you used for your key.
>
I don't follow your logic.
A normal boot/shutdown sequence would be:

(1) power on (or shutdown -r)
(2) in single-user mode
    (a) read /dev/saved_entropy into buffer
    (b) unlink /dev/saved_entropy
    (c) create /dev/saved_entropy with all zeros
    (d) test contents in buffer against all zeros
        (I)  buffer contents are different from all zeros;
             initialize entropy pool
        (II) buffer contents match all zeros; use
             a fall-back method.
(3) go multi-user
(4) normal shutdown
    (a) kick everybody off the system
    (b) kill off daemons
    (c) umount all partitions except the partition with /dev
    (d) save entropy to /dev/saved_entropy
    (e) umount partition with /dev
After a crash or panic, the system reboots. Step 2(c) has
left a fingerprint to test for valid saved entropy. If all
zeros are found, use a suitable fallback method to stir the
entropy.

I don't see how the co-worker can do what you suggest. And, if
he can easily reboot your system, you have other problems to
worry about.
--
Steve
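The boot-time consume-and-zero steps (2a-2d) and the shutdown-time save (4d) described above, as an added POSIX sh example that is not from the original thread or from FreeBSD's rc scripts. File paths are passed as parameters and SEED_SIZE is an assumed size, so the functions can be exercised against a scratch directory instead of /dev; the use of /dev/random as sink and source in the closing comment is also an assumption.

```shell
#!/bin/sh
# Added example, not from the original thread. Implements steps 2(a)-(d) and
# 4(d) of the procedure above. Paths are parameters; SEED_SIZE is assumed.

SEED_SIZE=512   # assumed size in bytes of the saved-entropy file

# is_all_zeros FILE: succeed if FILE holds nothing but NUL bytes (or is empty).
# A zero-filled file is the fingerprint that the saved seed was already consumed.
is_all_zeros() {
    [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# load_saved_entropy SAVEDFILE SINKDEV
#   (a) copy SAVEDFILE into a private buffer
#   (b) unlink SAVEDFILE
#   (c) recreate SAVEDFILE filled with zeros, so a crash before the next
#       shutdown-time save leaves a detectable fingerprint, never a reused seed
#   (d) if the buffer is not all zeros, feed it to SINKDEV (the entropy pool);
#       otherwise report that a fall-back seeding method is needed
# Prints "seeded" (status 0) or "fallback" (status 1).
load_saved_entropy() {
    saved=$1; sink=$2
    buf=$(mktemp) || return 2
    if [ -f "$saved" ]; then
        cat "$saved" > "$buf"
        rm -f "$saved"
    fi
    ( umask 077; dd if=/dev/zero of="$saved" bs="$SEED_SIZE" count=1 2>/dev/null )
    if is_all_zeros "$buf"; then
        rm -f "$buf"
        echo fallback
        return 1
    fi
    cat "$buf" > "$sink"
    rm -f "$buf"
    echo seeded
}

# save_entropy SRCDEV SAVEDFILE
#   step 4(d): pull SEED_SIZE bytes from SRCDEV into SAVEDFILE (mode 0600),
#   replacing the zero fingerprint written at boot.
save_entropy() {
    ( umask 077; dd if="$1" of="$2" bs="$SEED_SIZE" count=1 2>/dev/null )
}

# Assumed use on a real system (not run here):
#   boot:     load_saved_entropy /dev/saved_entropy /dev/random
#   shutdown: save_entropy /dev/random /dev/saved_entropy
```

Calling load_saved_entropy a second time without an intervening save_entropy returns "fallback", which is the crash-reboot case the message describes.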