On 04/01/10 16:59, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
> > There is already some crypto imported for password support so adding
> > enough to have SSL would hopefully not be too difficult.
>
> Not true. Although we have ciphers and hashes we don't have either
> asymmetric algorithms or a random generator. The first is easy to import
> but generating random numbers involves gathering entropy which is
> a cornerstone of network cryptography. Without a good random number
> generator most SSL algorithms will only make the user happier without
> adding any security against an attacker.

Is it reasonable to generate some random data during grub-install, and write it to the disk, where GRUB will then use it? Maybe in combination with real-time clock, this can be good enough initial entropy? (But I have not consulted with security research--this is just a guess.)

-Isaac


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
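
The install-time seed plus real-time clock idea raised in the reply above, as an added illustration that is not part of the original thread and is not GRUB code. It compares a seed written once at install time with a seed that is rewritten on every boot; the function names, the use of HMAC-SHA256 as the mixing step, the 1-second RTC resolution and the ability to write the seed back to disk are all assumptions of this sketch.

```python
import hashlib
import hmac

def derive_boot_key(seed: bytes, rtc_seconds: int) -> bytes:
    """Mix the on-disk seed with the RTC reading (assumed 1-second resolution)."""
    msg = b"boot-key" + rtc_seconds.to_bytes(8, "big")
    return hmac.new(seed, msg, hashlib.sha256).digest()

def next_seed(seed: bytes, rtc_seconds: int) -> bytes:
    """Ratchet step: the replacement seed written back to disk during a boot."""
    msg = b"next-seed" + rtc_seconds.to_bytes(8, "big")
    return hmac.new(seed, msg, hashlib.sha256).digest()

def simulate_boots(install_seed: bytes, rtc_readings, rewrite_seed: bool):
    """Return the key material each boot derives.

    rewrite_seed=False models a seed written once at install time and never
    updated; rewrite_seed=True models a seed replaced on every boot.
    """
    seed, keys = install_seed, []
    for rtc in rtc_readings:
        keys.append(derive_boot_key(seed, rtc))
        if rewrite_seed:
            seed = next_seed(seed, rtc)
    return keys

def repeated_keys(keys) -> int:
    """Number of boots whose key material duplicates an earlier boot."""
    return len(keys) - len(set(keys))

# Constructed sample input: the second boot sees the same RTC value as the
# first (for example a clock that was reset), the third is one second later.
INSTALL_SEED = hashlib.sha256(b"constructed install-time seed").digest()
RTC_READINGS = [1262620800, 1262620800, 1262620801]

if __name__ == "__main__":
    for label, rewrite in (("static seed", False), ("rewritten seed", True)):
        keys = simulate_boots(INSTALL_SEED, RTC_READINGS, rewrite)
        print(f"{label}: {repeated_keys(keys)} repeated key(s)")
        for k in keys:
            print("   ", k.hex()[:16])
```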
