Jeroen C. van Gelderen wrote:
> Dan Moschuk wrote:
> > 
> > I don't see how.  If the attacker has physical access to the machine, there
> > are plenty worse things to be done than just reading the state of a PRNG.
> > 
> > If the random device is initialized in single user mode, and the file is
> > then unlink()ed, I don't see any problems with that.
> You generate a new PGP keypair and start using it. Your
> co-worker reboots your machine afterwards and recovers 
> the PRNG state that happens to be stashed on disk. He 
> can then backtrack and potentially recover the exact same
> random numbers that you used for your key.

I don't follow your logic.

A normal boot/shutdown sequence would be:
  (1) power on (or shutdown -r)
  (2) in single-user mode
      (a) read /dev/saved_entropy into buffer
      (b) unlink /dev/saved_entropy
      (c) create /dev/saved_entropy with all zeros
      (d) test contents in buffer against all zeros
          (I)  buffer contents is different from all zeros;
               initialize entropy pool
          (II) buffer contents matches all zeros; use
               a fall-back method.
  (3) go multi-user   
  (4) normal shutdown
      (a) kick everybody off system
      (b) kill off daemons
      (c) umount all partitions except the partition with /dev
      (c) save entropy to /dev/saved_entropy
      (d) umount partition with /dev

After a crash or panic, the system reboots.  Step 2(c) has
left a finger print to test for valid saved entropy.  If all
zeros are found use a suitable fallback method to stir the

I don't see how co-worker can do what you suggest.  And, if
he can easily reboot your system, you have other problems to
worry about.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to