> > It is a Yarrow-mandated procedure. Please read the Yarrow paper.
> Actually, it's not. You don not want to save the exact 
> PRNG state to disk, ever. It's not Yarrow mandated 
> procedure but a big security hole. 

Section 2.1, last paragraph:
"If a system is shut down, and restarted, it is desirable to store some
high-entropy data (such as the key) in non-volatile memory. This allows
the PRNG to be restarted in an unguessable state at the next restart. We
call this data the reseed file."

Perhaps "mandated" was a bit strong; "desired" might be better.

> That said, you do not write out the state of the PRNG,
> you write out a couple of blocks of output from which 
> the state cannot be derived. That *is* okay and that's
> what you are doing. 

Writing the 256-bit key would have been OK according to the paper.

> And just for completeness: it's not mandatory to do so.
> I don't know where you read that in the paper.

See above.

> > If they can do that, they have either the console (==root) or they have
> > root. Either way, who cares what they know about your machine, they have
> > the whole darn thing :-O.
> Someone may well compromise your randomness source without 
> you noticing. And read your PGP mail for the coming couple 
> of years because your PGP key was compromised without you 
> noticing. Perfect Trojan horse to write for the FBI, IRS,
> anyone who doesn't like you. Oops.

Sure; we neet to be appropriately paranoid about that, but let's not
get ridiculous. The seed file could certainly use some decent protection,
but unfortunately, PC architectures don't come with SIMcards or the like.

Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to