Full Disclosure mailing list archives

Re: DakaRand

From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 19 Aug 2012 18:51:43 -0400

On Sun, Aug 19, 2012 at 6:12 PM, Dan Kaminsky <dan () doxpara com> wrote:



On Sun, Aug 19, 2012 at 3:03 PM, Ben Laurie <ben () links org> wrote:


On Sun, Aug 19, 2012 at 9:28 PM, Dan Kaminsky <dan () doxpara com> wrote:


On Sun, Aug 19, 2012 at 10:13 AM, Ben Laurie <ben () links org> wrote:


On Sun, Aug 19, 2012 at 5:42 PM, Dan Kaminsky <dan () doxpara com> wrote:

entropy gathering has gotten *worse* (via abandonment of interrupts),
not
better.


Entropy gathering in _one particular OS_. Credit where its due, please.



My understanding is that bad keys were detected on more than just Linux,
which implies starvation on everything on everything not out of Redmond.

What interesting approaches are you aware of that deserve credit?  Not a
rhetorical question, I'm genuinely curious.


I was referring to the abandonment of interrupts in Linux. You think
that other OSes have got worse at entropy gathering? And when did
"more than Linux" start implying "not Windows"?



My assumption is that the other Unixes weren't looking at interrupt timing
to begin with, i.e. they've always been as starved for entropy as Linux
eventually became.  That being said, does VXWorks even *have* an OS provided
strong random number generator?

Windows has CryptGenRandom, which AFAIK doesn't block, and survives
everything but VM suspend/restore.


A bit dated:
* Analysis of the Linux Random Number Generator, eprint.iacr.org/2006/086.pdf
* Cryptanalysis of the Random Number Generator of the Windows
Operating System, eprint.iacr.org/2007/419.pdf

Most recent analysis of Linux RNG (AFAIK):
* Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network
Devices, https://factorable.net/paper.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: DakaRand Dan Kaminsky (Aug 19)
- Re: DakaRand Ben Laurie (Aug 19)
  - Re: DakaRand Jeffrey Walton (Aug 19)
  - Re: DakaRand Dan Kaminsky (Aug 19)
    - Re: DakaRand Ben Laurie (Aug 19)
    - Re: DakaRand Dan Kaminsky (Aug 19)
    - Re: DakaRand Jeffrey Walton (Aug 19)
    - Re: DakaRand Ben Laurie (Aug 20)
    - Re: DakaRand Dan Kaminsky (Aug 20)
    - Re: DakaRand Ben Laurie (Aug 20)
    - Re: DakaRand Paul Schmehl (Aug 20)
    - Re: DakaRand Dan Kaminsky (Aug 20)
    - Re: DakaRand Giles Coochey (Aug 20)
    - Re: DakaRand Paul Schmehl (Aug 20)
    - Re: DakaRand Dan Kaminsky (Aug 20)
    - Re: DakaRand Paul Schmehl (Aug 20)