[Ach] Recomendation on haveged in Bettercrypto chapter 3.3.3
Aaron Zauner
azet at azet.org
Wed Apr 29 19:44:20 CEST 2015
Hi,
Ralf Schlatterbeck wrote:
> I'm talking about something that you can set up yourself, in my case
> OpenWRT based. But I don't think keeping the RNG state in some file
> solves the issue completely. At least in 90% of all cases I
> power-cycle the device to reboot and don't do a normal shutdown (because
> the device is hung or I'm directing someone per telephone to press a
> reset button). So normal shutdown is probably not the most-often used
> use-case :-)
Here I agree this is an issue. There's a nice paper on RNG
reset-security from S&P last year:
http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf
Then again; how does haveged help in this case? Maybe I just completely
misunderstand how haveged works and is implemented.
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150429/bc0e8b31/attachment.sig>
More information about the Ach
mailing list