| 1 |
Mick <michaelkintzios <at> gmail.com> writes: |
| 2 |
|
| 3 |
> What if the |
| 4 |
> RNG you use on your PC is either backdoored by Intel (if hardware |
| 5 |
> generated), or it has such a low entropy that it is trivial to |
| 6 |
> crack its algorithmic derivatives. |
| 7 |
|
| 8 |
Rest easy here. ALL commercial hardware is "backdoor" at the silicon layer, |
| 9 |
not only by US interests, but various others, with extreme amounts of |
| 10 |
financial resources. That is a whole other topic. If you want to fix that, |
| 11 |
you'd better plan on building up, from a FPGA or such. [1] |
| 12 |
|
| 13 |
|
| 14 |
I usually do not work about such powerful forces as they usually "police" |
| 15 |
their own. If you are part of an anarchy, terrorist to looking to supplant |
| 16 |
those folks, then you have to worry about them. I'm more concerned with the |
| 17 |
petty criminals, interlopers, and script_kiddies who destroy things for fun. |
| 18 |
So hardwware comprises, although fully acknowledged, are of little concern |
| 19 |
to me, as they are closely managed by folks with a very limited scope of |
| 20 |
usage. Furthermore, the way they propage their (digitally undetecable, low |
| 21 |
bandwidwth) information pretty much makes them immune from exploitation by |
| 22 |
the pecker_heads (hacking commmunity without access to billions of dollars |
| 23 |
nor Rf signal intercept resources). It's pretty much the domain of a few |
| 24 |
dozen "nation states". |
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
> I was quite surprised to see that the random pool available on a |
| 29 |
> laptop I was working on at the time, was exceedingly lower than |
| 30 |
> the 4096 max entropy. |
| 31 |
> Try this to see yours: cat /proc/sys/kernel/random/entropy_avail |
| 32 |
> |
| 33 |
> I now run sys-apps/haveged in the background, at least when I am |
| 34 |
> generating ssl/gpg/ssh keys. |
| 35 |
|
| 36 |
Interesting [2] |
| 37 |
|
| 38 |
Do you have a formal document/wiki that explains it's usage in some detail? |
| 39 |
Some further discussion on it's usage and verification would be interested. |
| 40 |
Maybe "haveged " should have it's own page on the gentoo wiki? |
| 41 |
Do tell more on this. my FX-8350 came back with: |
| 42 |
entropy_avail 2188. It seems low and I would think that it is fixable |
| 43 |
in the kernel sources? |
| 44 |
|
| 45 |
Do tell me more on entropy, or anyone else that can delineate this |
| 46 |
entropy further......? |
| 47 |
|
| 48 |
> > [1] |
| 49 |
> > http://arstechnica.com/information-technology/2014/04/openssl- |
| 50 |
> > code-beyond-repair-claims-creator-of-libressl-fork/ |
| 51 |
> |
| 52 |
> Useful to know someone is cleansing the code. Thanks for sharing! |
| 53 |
|
| 54 |
|
| 55 |
The Rat is a very interesting humanoid. He has worked both sides of the |
| 56 |
fence and is a brilliant coder; idolized my some (many?) young pups...... [3] |
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
[1] http://opencores.org/ |
| 61 |
|
| 62 |
[2] http://www.issihosts.com/haveged/history.html |
| 63 |
|
| 64 |
[3] http://www.theos.com/deraadt/ |
Archives