urandom vs haveged

Glen Turner gdt at gdt.id.au
Sun Apr 1 10:41:47 UTC 2012


The risk is reading unused blocks using the drive's hardware. Those
unused blocks may contain user data, operating system state, or a covert
channel allowing data or state to be inferred.

The response is to overwrite all of the disk with some value.

The random number generator is a higher-risk means to provide that value
than writing a fixed value.

Firstly, it is difficult to test that the operation has succeeded,
whereas the operation of writing a fixed value is simple to verify.

Secondly, the operation of the random number generator itself is
difficult to test.

In general, non-cryptographers see random numbers as some sort of magic
sauce whereas cryptographers see "random numbers" as a lever to crack
open the machine state. Random numbers are invaluable for forcing
attackers to search an entire state. But where they are not needed they
should not be used, since if you don't provide a lever then an attacker
can't push against it. Keeping a large sample on permanent storage of
"random numbers" generated by that very machine is providing a very
large lever to push against any flaw.

-- 
 Glen Turner <http://www.gdt.id.au/~gdt/>
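
The fixed-value verification the message calls simple, as an added example that is not part of the original post: it scans a wiped target and reports the offset of the first byte that differs from the fill value. The function names, the 1 MiB chunk size and the temporary image files are assumptions made for this illustration; the sample images are constructed.

```python
import os
import tempfile

CHUNK = 1 << 20  # assumed read size: 1 MiB per read


def first_unwiped_offset(path, fill=0x00, chunk=CHUNK):
    """Return the offset of the first byte != fill, or None if all bytes match.

    A random-fill wipe has no expected value to compare against, which is
    why this kind of check only works for a fixed fill value.
    """
    pattern = bytes([fill])
    expected = pattern * chunk
    offset = 0
    with open(path, "rb", buffering=0) as dev:
        while True:
            block = dev.read(chunk)
            if not block:
                return None  # reached the end with no mismatch
            if block != expected[:len(block)]:
                # Leading fill bytes in this block give the exact position.
                return offset + len(block) - len(block.lstrip(pattern))
            offset += len(block)


def make_sample_image(size, residue=None, residue_at=0):
    """Constructed sample: a zero-filled image, optionally with leftover data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\x00" * size)
        if residue is not None:
            f.seek(residue_at)
            f.write(residue)
    return path


def demo():
    """Check one fully wiped image and one with residue in its third chunk."""
    size = 3 * CHUNK + 123
    clean = make_sample_image(size)
    dirty = make_sample_image(size, b"user data", 2 * CHUNK + 77)
    try:
        return first_unwiped_offset(clean), first_unwiped_offset(dirty)
    finally:
        os.remove(clean)
        os.remove(dirty)


if __name__ == "__main__":
    print(demo())
```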