Isaac Dupree wrote:
> On 04/01/10 16:59, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>>> There is already some crypto imported for password support so adding
>>> enough to have SSL would hopefully not be too difficult.
>>>
>> Not true. Although we have ciphers and hashes we don't have either
>> asymmetric algorithms or random generator. The first is easy to import
>> but generating random numbers involves gathering entropy which is
>> cornerstone of network cryptography. Without a good random number
>> generator most SSL algorithms will only make the user happier without
>> adding any security against attacker.
>
> Is it reasonable to generate some random data during grub-install, and
> write it to the disk, where GRUB will then use it?

It is possible but there are the following problems:

1) This file has to be kept secret. In cases when one can be reasonably sure GRUB wasn't tampered with but isn't sure it's still secret (e.g. distribution of signed file), it's pretty much useless.
2) You can never ever use same entropy twice. So you will need to save some kind of pointer where the last used entropy is. And when all entropy was used we're back at square one. It's possible to save the random number generator state instead but then random number isn't often reseeded and so the smallest flaw in its algorithm is relatively easily usable.

> Maybe in combination with real-time clock,

Point of random numbers is being unpredictable. RTC is predictable as a clock.

--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
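The trade-offs described in the reply above, as an added Python example that is not part of the original message or of GRUB's code. The names `SeedFile`, `boot_output`, `next_state` and `guess_rtc`, and the HMAC-SHA256 construction, are assumptions chosen for illustration.

```python
import hashlib
import hmac


class SeedFile:
    """Constructed stand-in for random data written to disk at install time."""

    def __init__(self, data: bytes):
        self.data = data
        self.offset = 0  # pointer to the last used entropy; must be persisted too

    def take(self, n: int) -> bytes:
        # Each byte is handed out once only. When the pool is spent there is
        # nothing left to give: "back at square one".
        if self.offset + n > len(self.data):
            raise RuntimeError("seed file exhausted")
        chunk = self.data[self.offset:self.offset + n]
        self.offset += n
        return chunk


def boot_output(saved_state: bytes, rtc_seconds: int) -> bytes:
    """Per-boot randomness derived from saved generator state mixed with the RTC."""
    msg = rtc_seconds.to_bytes(8, "big")
    return hmac.new(saved_state, msg, hashlib.sha256).digest()


def next_state(saved_state: bytes) -> bytes:
    """Roll the saved state forward; it has to reach the disk before the
    output is used, or the next boot repeats the same stream."""
    return hashlib.sha256(b"next" + saved_state).digest()


def guess_rtc(saved_state: bytes, observed: bytes, start: int, window: int):
    """Once the saved state is no longer secret, the clock contributes only a
    search over `window` candidate seconds. Returns the matching time or None."""
    for t in range(start, start + window):
        if hmac.compare_digest(boot_output(saved_state, t), observed):
            return t
    return None
```

With a known state and a one-hour uncertainty about boot time, `guess_rtc` needs at most 3600 HMAC evaluations, which is why the clock reading does not substitute for secrecy of the seed file.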