gettimeofday gives you more entropy than getpid.
One could add contents of some /proc files to the mix (like: interrupts, meminfo, vmstat,
diskstats, ...).
No need to read uninitialized data at all.
Posted May 19, 2008 4:17 UTC (Mon) by gdt (subscriber, #6284)
gettimeofday gives you more entropy than getpid.
Many certificates have an expiry date typically some whole years after generation. In those cases, gettimeofday() does not add entropy which cannot be calculated by an attacker.
Entropy for key generation has to be random, unpredictable and not influenced by external events. That's harder to find than you would hope, which is why even a kernel-based entropy collector doesn't produce much of it.
Using /proc/interrupts would not meet that requirement. At the least you would need to exclude interrupts from the network card (externally influenced) and from the quantum timer (predictable). Even then the attacker knows the value is monotonically increasing. The time of arrival of selected interrupts is a better source of entropy. But if you imagine the attacker holds an account on the same multiuser machine even that isn't too unpredictable.
In short, this is a problem which looks easy on the surface but is a nightmare when closely examined.
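The point about certificate dates above can be put in numbers. This is an added example, not code from either commenter: it bounds the entropy of a seed built only from gettimeofday() and getpid() once the generation second is known, then shows that a key from such a seed is found by plain enumeration. `toy_key`, the SHA-256 stand-in for key generation, the pid_max of 32768 and the sample values are all assumptions, and the search is narrowed to millisecond steps and 100 PIDs so it runs quickly.

```python
import hashlib
import math
from datetime import datetime, timezone

PID_MAX = 32768  # assumed Linux default pid_max


def toy_key(sec, usec, pid):
    """Hypothetical stand-in for a key derived only from time and PID."""
    return hashlib.sha256(f"{sec}.{usec:06d}:{pid}".encode()).hexdigest()


def seed_bits(window_s, usec_step=1, pid_space=PID_MAX):
    """Upper bound on seed entropy (bits) when the generation time is
    known to within window_s seconds."""
    return math.log2(window_s * 1_000_000 / usec_step * pid_space)


def find_seed(key, gen_sec, window_s, usec_step, pid_range):
    """Enumerate every (sec, usec, pid) consistent with the known
    generation second; return the matching seed or None."""
    for sec in range(gen_sec, gen_sec + window_s):
        for usec in range(0, 1_000_000, usec_step):
            for pid in pid_range:
                if toy_key(sec, usec, pid) == key:
                    return sec, usec, pid
    return None


# Constructed sample: generation second as it would be read back from
# the certificate's dates, plus a made-up microsecond value and PID.
GEN_SEC = int(datetime(2008, 5, 19, 4, 17, tzinfo=timezone.utc).timestamp())
SAMPLE_KEY = toy_key(GEN_SEC, 250_000, 4242)

if __name__ == "__main__":
    # Full space for one known second: about 34.9 bits, far below the
    # 128 bits expected of key material.
    print(f"time+pid seed, second known: {seed_bits(1):.1f} bits")
    # Reduced space (1 ms steps, 100 PIDs) so the demo finishes quickly.
    print(find_seed(SAMPLE_KEY, GEN_SEC, 1, 1000, range(4200, 4300)))
```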