Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: /dev/random is probably not
From: Darren Reed <avalon () caligula anu edu au>
Date: Wed, 6 Jul 2005 01:00:27 +1000 (Australia/ACT)

In some mail from exon, sie said:
  * If this estimate goes to zero, the routine can still generate
  * random numbers; however, an attacker may (at least in theory) be
  * able to infer the future output of the generator from prior
  * outputs.  This requires successful cryptanalysis of SHA, which is
  * not believed to be feasible, but there is a remote possibility.
  * Nonetheless, these numbers should be useful for the vast majority
  * of purposes.

Judging by nmap evaluation of the ip-stack, OpenBSD and FreeBSD have 
very strong PRNG's as well. I haven't got access to a NetBSD system to 
test with.

nmap is not a good measure of this problem.

Linux cited using keyboard interrupts.  How many of those happen on
a web server in a rack, in an air conditioned computer room somewhere ?
How many happen when you open up your web browser and select your
internet banking web site from your bookmarks?

The original email pointed out that disk seek times may not be quite
as random as previously thought, especially with compact flash and
similar mediums.

In the case of polled I/O (for 1Gb+ NICs), is there any entropy
gained from network IRQ serving?

What the original article was getting at is that perhaps not all of
the information you think of as random information going into your
PRNG is actually random.  If that happens then even though the
output of the PRNG "looks random", it may be predictable.

Darren


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]