Full Disclosure mailing list archives
Re: Working exploit for Debian generated SSH Keys
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 20 May 2008 13:41:41 -0400
Generating real pseudo-random streams is a hard problem which is way more than what people can handle. Usually, PRNGs are composed of various periodic elements which, in the end, all combined produce a repeating stream of pseudo-random numbers. OpenSSL uses a modified MAC for this as a state machine and extracts some state bits as random stream on every access.
Smoke Detector + Webcam = cheapo RNG http://inventgeek.com/Projects/alpharad/overview.aspx I know some highly secure operations (eg: web casinos, using Geiger counters and background radiation) use a version of this for their RNGs, and random.org does it with RF (radios listening to static) .. do patches exist for OpenSSL to use hardware devices? (short of a hack to take something like the above and pipe it to /dev/random, etc). Cheers, Michael Holstein Cleveland State University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Working exploit for Debian generated SSH Keys Markus Müller (May 14)
- Re: Working exploit for Debian generated SSH Keys bob harley (May 18)
- Re: Working exploit for Debian generated SSH Keys Fredrick Diggle (May 18)
- Re: Working exploit for Debian generated SSH Keys reepex (May 18)
- Re: Working exploit for Debian generated SSH Keys Ronald van der Westen (May 19)
- Re: Working exploit for Debian generated SSH Keys nicolas vigier (May 19)
- Re: Working exploit for Debian generated SSH Keys Skratz0r (May 19)
- Re: Working exploit for Debian generated SSH Keys Garrett M. Groff (May 19)
- Re: Working exploit for Debian generated SSH Keys Tonnerre Lombard (May 20)
- Re: Working exploit for Debian generated SSH Keys Michael Holstein (May 20)
- Re: Working exploit for Debian generated SSH Keys Tonnerre Lombard (May 23)
- Re: Working exploit for Debian generated SSH Keys Garrett M. Groff (May 20)
- Re: Working exploit for Debian generated SSH Keys Valdis . Kletnieks (May 20)
- Re: Working exploit for Debian generated SSH Keys bob harley (May 18)