From: David Newall
Date: Tue, 18 Dec 2007 14:39:00 +1030
To: Theodore Tso, David Newall, Andy Lutomirski, John Reiser, Matt Mackall, linux-kernel@vger.kernel.org, security@kernel.org
Subject: Re: /dev/urandom uses uninit bytes, leaks user data
Message-ID: <476747DC.4040309@davidnewall.com>
References: <20071214201305.GL19691@waste.org> <4762EB63.8070100@BitWagon.com> <20071214232322.GE17344@thunk.org> <47632010.6030709@BitWagon.com> <20071215043208.GF17344@thunk.org> <4766A40D.4080804@BitWagon.com> <20071217173623.GC7070@thunk.org> <476719E5.1010505@myrealbox.com> <20071218030533.GN7070@thunk.org> <47673AD8.9010702@davidnewall.com> <20071218034656.GR7070@thunk.org>
In-Reply-To: <20071218034656.GR7070@thunk.org>

Theodore Tso wrote:
> On Tue, Dec 18, 2007 at 01:43:28PM +1030, David Newall wrote:
>
>> On a server, keyboard and mouse are rarely used. As you've described it,
>> that leaves only the disk, and during the boot process, disk accesses and
>> timing are somewhat predictable. Whether this is sufficient to break the
>> RNG is (clearly) a matter of debate.
>>
>
> In normal operation, entropy is accumulated on the system, extracted
> via /dev/urandom at shutdown, and then loaded back into the system
> when it boots up.

Thus, the entropy saved at shutdown can be known at boot-time. (You can
examine the saved entropy on disk.)

> If you have a server, the best thing you can do is use a hardware
> random number generator, if it exists. Fortunately a number of
> hardware platforms, such as IBM blades and Thinkpads, come with TPM
> modules that include hardware RNG's. That's ultimately the best way
> to solve these issues.

Just how random are they? Do they turn out to be quite predictable if
you're IBM?
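The save-at-shutdown / reload-at-boot cycle that Ted describes, and the on-disk seed that David objects to, as an added illustration that is not part of the thread and not any distribution's actual init script. It is written as POSIX shell functions so it can be run against a scratch file; the seed path and the 512-byte size are illustrative assumptions. The comment in `load_seed` states the caveat a practitioner wants here: a plain write to /dev/urandom mixes the bytes into the pool but does not credit any entropy (crediting requires the RNDADDENTROPY ioctl, which tools such as rngd use), and the seed file should be overwritten with fresh output as soon as it has been consumed so that what sits on disk no longer equals what was mixed in.

```shell
#!/bin/sh
# Added example, not from the thread: the seed save/restore cycle performed
# by classic init scripts, written as functions that take the seed path as
# an argument. POOL_BYTES and the scratch paths are illustrative assumptions.

POOL_BYTES=512

# Shutdown side: pull POOL_BYTES of /dev/urandom output into the seed file.
# umask 077 so the seed is not world-readable: anyone who can read this file
# knows exactly what will be mixed into the pool at the next boot.
save_seed() {
    seed_file=$1
    ( umask 077 && dd if=/dev/urandom of="$seed_file" bs="$POOL_BYTES" count=1 2>/dev/null )
}

# Boot side: mix the stored seed back in, then immediately replace it with
# fresh output so the bytes on disk no longer match what went into the pool.
# A plain write to /dev/urandom mixes the data in but credits no entropy;
# crediting requires the RNDADDENTROPY ioctl (as rngd does). Returns 1 if
# there is no readable seed file.
load_seed() {
    seed_file=$1
    [ -r "$seed_file" ] || return 1
    cat "$seed_file" > /dev/urandom 2>/dev/null || true
    save_seed "$seed_file"
}

# Size of a seed file in bytes (whitespace trimmed so wc output is portable).
seed_size() {
    wc -c < "$1" | tr -d ' '
}

# Exit status 0 if the two files differ, 1 if they are byte-for-byte equal.
seeds_differ() {
    ! cmp -s "$1" "$2"
}
```

To try it, call `save_seed /tmp/seed.example`, copy the file aside, then call `load_seed /tmp/seed.example` and compare: the rotated file is the same size but different content, which is the property that makes a saved seed less useful to an attacker who reads the disk after boot (it does nothing for an attacker who read it before boot, which is David's point).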