On Oct 8, 2012, at 6:20 PM, Christoph Anton Mitterer <[email protected]> wrote:
> Hi David.
>
> Long time ago, the following[0] ;)
>
> I recently stumbled across that question again,... when I deployed
> haveged on our faculty's HPC cluster...
> So I've asked[1] around at lkml, whether a malicious (or just bad)
> entropy source could spoil the kernel's RNG.
>
> Ted Ts'o, who currently maintains that part said (see the thread) he
> wouldn't know any way how that could be done, but...
>
>
> On Thu, 2009-09-10 at 22:35 -0400, David Shaw wrote:
>>> 3) One problem with such devices is,.. that one can never know (well at
>>> least normal folks like me) how good they actually are.
>>> If this company would be evil (subsidiary of NSA or so) they could just
>>> sell bad devices that produce poor entropy thus rendering our (symmetric
>>> and asymmetric) keys, signatures etc. "useless". Right?
>>
>> Not completely useless given the Linux random design, but certainly an
>> evil source of entropy would be a serious problem. Do you have any
>> reason to believe this device is evil? There are many random number
>> generators on the market. Knowing which ones are evil would be handy ;)
> ... your reply seems to somehow imply that it could...
>
> So he (and I) wondered for the reasons :)

The message is from three years ago, so I'm honestly not sure where I was going with that thought at the time. Most likely, I was thinking about someone using an evil device for entropy directly rather than through a /dev/random that deals with the evil source case.

To be clear: I do not know of some way an evil input can somehow subvert the output of /dev/random on Linux. My understanding was that it was designed to prevent that.

David
