
LCE: Don't play dice with random numbers

LCE: Don't play dice with random numbers

Posted Nov 23, 2012 9:38 UTC (Fri) by etienne (subscriber, #25256)
In reply to: LCE: Don't play dice with random numbers by dirtyepic
Parent article: LCE: Don't play dice with random numbers

It is probably possible to make security software believe the assembly instruction to get a random value is present in the processor, but in fact it will trap and a trojan will give you a fully predictable value which only looks random.



LCE: Don't play dice with random numbers

Posted Nov 23, 2012 20:03 UTC (Fri) by nix (subscriber, #2304)

I suspect you'd need root and/or kernel mode or virtualization to set up such a trap, upon which all bets are off anyway (it could just e.g. ptrace() the process and replace the rdrand with a straight mov or call to attacker-controlled code).
