diff for duplicates of <1523979759.3310.7.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index 8ea448d..5c69bdc 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -3,12 +3,12 @@ On Tue, 2018-04-17 at 11:16 -0400, Theodore Y. Ts'o wrote: > > > > You don't have to compromise the bootloader to influence this, you > > merely have to trick it into providing the random number you -> > wanted.A The bigger you make the attack surface (the more inputs) +> > wanted. The bigger you make the attack surface (the more inputs) > > the more likelihood of finding a trick that works. > > There is a large class of devices where the bootloader can be -> considered trusted.A A For example, all modern Chrome and Android -> devices have signed bootloaders by default.A A And if you are using an +> considered trusted. For example, all modern Chrome and Android +> devices have signed bootloaders by default. And if you are using an > Amazon or Chrome VM, you are generally started it with a known, > trusted boot image. @@ -35,16 +35,16 @@ the people who wrote the bootloader to understand and correctly implement the cryptographically secure process of obtaining a random input? -> There are other ways that this could be done, of course.A A If the UEFI +> There are other ways that this could be done, of course. If the UEFI > boot services are still available, you might be able to ask the UEFI -> services to give you randomness.A A And yes, the hardware might be +> services to give you randomness. And yes, the hardware might be > backdoored to the fare-the-well by the MSS (for devices manufactured > in China) or by an NSA Tailored Access Operations intercepting a -> computer shipment in transit.A A But my vision was that this wouldn't +> computer shipment in transit. But my vision was that this wouldn't > necessarily bump the entropy accounting or mark the CRNG as fully -> intialized.A A (If you work for the NSA and you're sure you won't do an +> intialized. (If you work for the NSA and you're sure you won't do an > own-goal, you could enable a kernel boot option which marks the CRNG -> initialized from entropy coming from UEFI or RDRAND or a TPM.A A But I +> initialized from entropy coming from UEFI or RDRAND or a TPM. But I > don't think it should be the default.) > > The only goal was to get enough uncertainty so we can secure early diff --git a/a/content_digest b/N1/content_digest index b1f94e4..2b6a003 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -20,12 +20,12 @@ "> > \n" "> > You don't have to compromise the bootloader to influence this, you\n" "> > merely have to trick it into providing the random number you\n" - "> > wanted.A The bigger you make the attack surface (the more inputs)\n" + "> > wanted.\302\240 The bigger you make the attack surface (the more inputs)\n" "> > the more likelihood of finding a trick that works.\n" "> \n" "> There is a large class of devices where the bootloader can be\n" - "> considered trusted.A A For example, all modern Chrome and Android\n" - "> devices have signed bootloaders by default.A A And if you are using an\n" + "> considered trusted.\302\240\302\240For example, all modern Chrome and Android\n" + "> devices have signed bootloaders by default.\302\240\302\240And if you are using an\n" "> Amazon or Chrome VM, you are generally started it with a known,\n" "> trusted boot image.\n" "\n" @@ -52,16 +52,16 @@ "implement the cryptographically secure process of obtaining a random\n" "input?\n" "\n" - "> There are other ways that this could be done, of course.A A If the UEFI\n" + "> There are other ways that this could be done, of course.\302\240\302\240If the UEFI\n" "> boot services are still available, you might be able to ask the UEFI\n" - "> services to give you randomness.A A And yes, the hardware might be\n" + "> services to give you randomness.\302\240\302\240And yes, the hardware might be\n" "> backdoored to the fare-the-well by the MSS (for devices manufactured\n" "> in China) or by an NSA Tailored Access Operations intercepting a\n" - "> computer shipment in transit.A A But my vision was that this wouldn't\n" + "> computer shipment in transit.\302\240\302\240But my vision was that this wouldn't\n" "> necessarily bump the entropy accounting or mark the CRNG as fully\n" - "> intialized.A A (If you work for the NSA and you're sure you won't do an\n" + "> intialized.\302\240\302\240(If you work for the NSA and you're sure you won't do an\n" "> own-goal, you could enable a kernel boot option which marks the CRNG\n" - "> initialized from entropy coming from UEFI or RDRAND or a TPM.A A But I\n" + "> initialized from entropy coming from UEFI or RDRAND or a TPM.\302\240\302\240But I\n" "> don't think it should be the default.)\n" "> \n" "> The only goal was to get enough uncertainty so we can secure early\n" @@ -83,4 +83,4 @@ "\n" James -00e5d5ec87dedec4430b21a6a260b94f308945b9fb72c8ff60650813036ea7a1 +6973e60d912b7f106e1789e2c05916032a8793323097257ddc94129a9691452c
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.