Re: /dev/random blocks forever on 2.2.12 and 2.2.16

From: Andi Kleen (ak@suse.de)
Date: Tue Aug 08 2000 - 12:42:39 EST


On Tue, Aug 08, 2000 at 01:39:35PM -0400, Theodore Y. Ts'o wrote:
> Date: Tue, 8 Aug 2000 16:04:13 +0200
> From: "Andi Kleen" <ak@suse.de>
>
> I'm not sure. One possible attack would be to try to change your
> entropy pool by sending packets in the right frequency, also
> e.g. regular broadcasts may not have enough jitter. One possible fix
> for that would be to use a secure random generator with a secret that
> selects which packets to get information from etc, but there may be
> again attacks with that.
>
> Actually, that isn't the real disaster. The real worry here is if an
> attacker can break into a machine on your local network and using
> tcpdump, and then be able to guesstimate what the inputs to your entropy
> pool are based on the network interrupts. Given that the pentium cycle
> counter is mixed in, this is actually pretty difficult, but it's really
> a matter of how paranoid you are.

That wouldn't happen when you were using a secure PRNG to select the
interrupts to get data from, or? You just have to make sure that the
PRNG initial state is not seeded from the network or anything else the
attacker could guess.

-Andi
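
The selection idea discussed in this message, modelled as an added example (not code from the thread or from the kernel): a keyed PRF picks which interrupt timestamps feed the pool, and the result is compared for a selector key derived from network-visible data versus one kept secret. Assumptions: the observer sees every timestamp exactly, the pool is modelled as a plain SHA-256 hash, and all function names and the sample timestamps are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: 64 interrupt timestamps (cycle counts), assumed fully
# visible to an observer on the local network (the worst case in the thread).
TIMESTAMPS = [1000 + 37 * i + (i * i) % 11 for i in range(64)]

def select_sample(key, index):
    """Keyed PRF bit: is interrupt number `index` sampled?"""
    tag = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return bool(tag[0] & 1)

def mix_pool(key, timestamps):
    """Hash only the selected timestamps into a pool digest (hypothetical model)."""
    pool = hashlib.sha256()
    for i, ts in enumerate(timestamps):
        if select_sample(key, i):
            pool.update(ts.to_bytes(8, "big"))
    return pool.digest()

def network_derived_key(timestamps):
    """Weak seeding: selector key computed from data the observer also sees."""
    return hashlib.sha256(timestamps[0].to_bytes(8, "big")).digest()

def observer_reconstructs(victim_key, timestamps):
    """Observer replays the traffic using the only key it can compute."""
    guess = mix_pool(network_derived_key(timestamps), timestamps)
    return hmac.compare_digest(guess, mix_pool(victim_key, timestamps))

if __name__ == "__main__":
    weak = network_derived_key(TIMESTAMPS)
    strong = secrets.token_bytes(32)  # stands in for a seed not taken from the network
    print("network-seeded selector reconstructed:",
          observer_reconstructs(weak, TIMESTAMPS))
    print("secret-seeded selector reconstructed: ",
          observer_reconstructs(strong, TIMESTAMPS))
```

With the network-derived key the observer recomputes the same pool digest; with the secret key the selected subset, and so the digest, no longer matches the observer's replay.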



