1 |
Mick <michaelkintzios <at> gmail.com> writes: |
2 |
|
3 |
> What if the |
4 |
> RNG you use on your PC is either backdoored by Intel (if hardware |
5 |
> generated), or it has such a low entropy that it is trivial to |
6 |
> crack its algorithmic derivatives. |
7 |
|
8 |
Rest easy here. ALL commercial hardware is "backdoor" at the silicon layer, |
9 |
not only by US interests, but various others, with extreme amounts of |
10 |
financial resources. That is a whole other topic. If you want to fix that, |
11 |
you'd better plan on building up, from a FPGA or such. [1] |
12 |
|
13 |
|
14 |
I usually do not work about such powerful forces as they usually "police" |
15 |
their own. If you are part of an anarchy, terrorist to looking to supplant |
16 |
those folks, then you have to worry about them. I'm more concerned with the |
17 |
petty criminals, interlopers, and script_kiddies who destroy things for fun. |
18 |
So hardwware comprises, although fully acknowledged, are of little concern |
19 |
to me, as they are closely managed by folks with a very limited scope of |
20 |
usage. Furthermore, the way they propage their (digitally undetecable, low |
21 |
bandwidwth) information pretty much makes them immune from exploitation by |
22 |
the pecker_heads (hacking commmunity without access to billions of dollars |
23 |
nor Rf signal intercept resources). It's pretty much the domain of a few |
24 |
dozen "nation states". |
25 |
|
26 |
|
27 |
|
28 |
> I was quite surprised to see that the random pool available on a |
29 |
> laptop I was working on at the time, was exceedingly lower than |
30 |
> the 4096 max entropy. |
31 |
> Try this to see yours: cat /proc/sys/kernel/random/entropy_avail |
32 |
> |
33 |
> I now run sys-apps/haveged in the background, at least when I am |
34 |
> generating ssl/gpg/ssh keys. |
35 |
|
36 |
Interesting [2] |
37 |
|
38 |
Do you have a formal document/wiki that explains it's usage in some detail? |
39 |
Some further discussion on it's usage and verification would be interested. |
40 |
Maybe "haveged " should have it's own page on the gentoo wiki? |
41 |
Do tell more on this. my FX-8350 came back with: |
42 |
entropy_avail 2188. It seems low and I would think that it is fixable |
43 |
in the kernel sources? |
44 |
|
45 |
Do tell me more on entropy, or anyone else that can delineate this |
46 |
entropy further......? |
47 |
|
48 |
> > [1] |
49 |
> > http://arstechnica.com/information-technology/2014/04/openssl- |
50 |
> > code-beyond-repair-claims-creator-of-libressl-fork/ |
51 |
> |
52 |
> Useful to know someone is cleansing the code. Thanks for sharing! |
53 |
|
54 |
|
55 |
The Rat is a very interesting humanoid. He has worked both sides of the |
56 |
fence and is a brilliant coder; idolized my some (many?) young pups...... [3] |
57 |
|
58 |
|
59 |
|
60 |
[1] http://opencores.org/ |
61 |
|
62 |
[2] http://www.issihosts.com/haveged/history.html |
63 |
|
64 |
[3] http://www.theos.com/deraadt/ |