[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSP for Debian unstable. was Re: security enhanced debian branch?


On Mon, Jan 05, 2004 at 05:44:59PM +1100, Russell Coker wrote:
> If an application deserves access to /dev/urandom should they also deserve 
> access to /dev/random?
I have no strong opinion about this, but your explanation
below seem to suggest a "no" to me.  But then the question
may be not so relevant.  The problem description, again
from the kernel sources, is:

    If this estimate [for the remaining entropy] goes to zero, the
    routine can still generate random numbers; however, an attacker
    may (at least in theory) be able to infer the future output of the
    generator from prior outputs.  This requires successful
    cryptanalysis of SHA, which is not believed to be feasible, but
    there is a remote possibility. ...

So if restricting access to /dev/random causes problems, it
may not be worth the trouble.

> It seems to me that an application which wanted to drain the entropy pool 
> could just schedule reads from /dev/random and know it's done the job when it 
> starts to block.  In 2.6.0 it seems that this does not cause any noticable 
> use of CPU time or any other symptom that would lead an administrator to 
> suspect such an attack.  Reading from /dev/urandom leads to high CPU use, and 
> even so it will be difficult for an attacker to know that they have 
> succeeded.


Attachment: signature.asc
Description: Digital signature

Reply to: