To: linux-kernel@vger.kernel.org
Path: not-for-mail
From: daw@mozart.cs.berkeley.edu (David Wagner)
Newsgroups: isaac.lists.linux-kernel
Subject: Re: [RFC][PATCH] Make cryptoapi non-optional?
Date: Mon, 11 Aug 2003 19:21:01 +0000 (UTC)
Organization: University of California, Berkeley
Distribution: isaac
Message-ID: <bh8qat$d7i$1@abraham.cs.berkeley.edu>
References: <20030809173329.GU31810@waste.org> <20030811020919.GD10446@mail.jlokier.co.uk> <bh77pp$rhq$1@abraham.cs.berkeley.edu> <20030811053602.GL10446@mail.jlokier.co.uk>
NNTP-Posting-Host: mozart.cs.berkeley.edu
NNTP-Posting-Date: Mon, 11 Aug 2003 19:21:01 +0000 (UTC)
Originator: daw@mozart.cs.berkeley.edu (David Wagner)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1022
Lines: 16

Jamie Lokier  wrote:
>It may be that an attacker knows about a systemic problem with our
>machine that we don't know about.  For example the attacker might know
>our pool state well enough shortly after boot time, to have a chance
>at matching a dictionary of 2^32 hashes.  The attacker might have had
>a chance to read our disk, which reseeding the pool at boot time does
>not protect against.
>
>With the right algorithm, we can protect against weaknesses of this kind.

How?  No matter what we do, the outputs are going to be a deterministic
function of the state of the pool.  If the attacker can guess the entire
state of our pool (or narrow it down to 2^32 possibilities), we're screwed,
no matter what.  Right?

I must be misunderstanding your point.  What am I missing?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/