
Re: a small C program to test xdm's /dev/mem reading on your architecture



On Mon, Aug 26, 2002 at 08:16:06PM +0100, Matthew Wilcox wrote:
> On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> > Also, reading /dev/mem doesn't sound very secure at all (even if it works)
> > because the patterns in the memory of a computer are probably predictable
> > and a lot of information can be observed from the outside (which processes
> > are running etc).
> 
> why do you assume that xdm uses the raw result from /dev/mem?

I don't.  That would be obviously too foolish.  It would also not make sense
by Branden's original mail which clearly stated that xdm can read several
megabytes from /dev/mem.  I assume they do this because they know that
/dev/mem doesn't contain much entropy, and as such they try to get enough
randomness squeezed out of it by reading more and more of it.  This is a
dubious approach.

> running, say, md5 over the results would give you something as close to
> random as i doubt you could find a difference.

You are mistaken.  Do yourself a favour and get a book about (pseudo)
random number generators, entropy, hash functions and cryptography.
If you don't start with random numbers, you can turn the numbers upside
down, it won't get any more random than what you started with.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    marcus@gnu.org
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/
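
The point under discussion in this thread, that a hash cannot add entropy to its input, can be measured directly. The following is an added example, not part of the original message and not xdm's code: the "memory image" is constructed, and the assumption is that everything in it is predictable except one small field of `unknown_bits` bits.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in for a /dev/mem read: 64 KiB of fully predictable bytes.
FIXED_IMAGE = bytes(range(256)) * 256
_BASE = hashlib.md5(FIXED_IMAGE)  # hash state after the predictable part


def digest(unknown: int, unknown_bits: int) -> bytes:
    """MD5 of the predictable image followed by one small unknown field."""
    h = _BASE.copy()
    h.update(unknown.to_bytes((unknown_bits + 7) // 8, "big"))
    return h.digest()


def output_entropy_bits(unknown_bits: int) -> float:
    """Shannon entropy of the digest when the unknown field is uniform."""
    counts = Counter(digest(u, unknown_bits) for u in range(2 ** unknown_bits))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def mean_bit_balance(unknown_bits: int) -> float:
    """Fraction of 1 bits over all digests; about 0.5 means it looks random."""
    n = 2 ** unknown_bits
    ones = sum(bin(int.from_bytes(digest(u, unknown_bits), "big")).count("1")
               for u in range(n))
    return ones / (128 * n)


if __name__ == "__main__":
    bits = 10  # assumed amount of real uncertainty in the image
    print("digest width (bits):   ", 128)
    print("fraction of 1 bits:    ", round(mean_bit_balance(bits), 4))
    print("entropy of digest:     ", output_entropy_bits(bits), "bits")
```

The digests pass a simple bit-balance check, yet the measured entropy of the 128-bit output equals the entropy of the input field, no matter how many predictable bytes are hashed alongside it.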


