Bugtraq mailing list archives
Re: /dev/random is probably not
From: Darren Reed <avalon () caligula anu edu au>
Date: Wed, 6 Jul 2005 01:00:27 +1000 (Australia/ACT)
In some mail from exon, sie said:
> * If this estimate goes to zero, the routine can still generate
> * random numbers; however, an attacker may (at least in theory) be
> * able to infer the future output of the generator from prior
> * outputs. This requires successful cryptanalysis of SHA, which is
> * not believed to be feasible, but there is a remote possibility.
> * Nonetheless, these numbers should be useful for the vast majority
> * of purposes.
>
> Judging by nmap evaluation of the ip-stack, OpenBSD and FreeBSD have
> very strong PRNG's as well. I haven't got access to a NetBSD system to
> test with.
nmap is not a good measure of this problem.

Linux cited using keyboard interrupts. How many of those happen on a web
server in a rack, in an air conditioned computer room somewhere? How many
happen when you open up your web browser and select your internet banking
web site from your bookmarks?

The original email pointed out that disk seek times may not be quite as
random as previously thought, especially with compact flash and similar
mediums.

In the case of polled I/O (for 1Gb+ NICs), is there any entropy gained
from network IRQ serving?

What the original article was getting at is that perhaps not all of the
information you think of as random information going into your PRNG is
actually random. If that happens then even though the output of the PRNG
"looks random", it may be predictable.

Darren
Current thread:
- /dev/random is probably not Charles M. Hannum (Jul 01)
- Re: /dev/random is probably not Thomas Wana (Jul 02)
- Re: /dev/random is probably not McLain Causey (Jul 04)
- Re: /dev/random is probably not Chiaki (Jul 02)
- Re: /dev/random is probably not exon (Jul 04)
- Re: /dev/random is probably not Darren Reed (Jul 05)
- Re: /dev/random is probably not devnull (Jul 06)
- Re: /dev/random is probably not Thomas (Jul 06)
- Re: /dev/random is probably not Darren Reed (Jul 06)
- Re: /dev/random is probably not Thomas (Jul 06)
- Re: /dev/random is probably not Kai Howells (Jul 08)
- Re: /dev/random is probably not Stefan Bethke (Jul 08)
- Re: /dev/random is probably not exon (Jul 04)
- Re: /dev/random is probably not Francesco Messineo (Jul 12)
- Re: /dev/random is probably not Thomas Wana (Jul 02)
- Re: /dev/random is probably not Anton Ivanov (Jul 05)
- Re: /dev/random is probably not devnull (Jul 06)