Re: /dev/urandom uses uninit bytes, leaks user data

[Bill Davidsen <davidsen@tmr.com>]

David Newall wrote:
> Theodore Tso wrote:
>> On Tue, Dec 18, 2007 at 01:43:28PM +1030, David Newall wrote:
>>  
>>> On a server, keyboard and mouse are rarely used.  As you've described 
>>> it, that leaves only the disk, and during the boot process, disk 
>>> accesses and timing are somewhat predictable.  Whether this is 
>>> sufficient to break the RNG is (clearly) a matter of debate.
>>>     
>>
>> In normal operaiton, entropy is accumlated on the system, extracted
>> via /dev/urandom at shutdown, and then loaded back into the system
>> when it boots up.
> 
> Thus, the entropy saved at shutdown can be known at boot-time.  (You can 
> examine the saved entropy on disk.)
> 
> 
>> If you have a server, the best thing you can do is use a hardware
>> random number generator, if it exists.  Fortunately a number of
>> hardware platforms, such as IBM blades and Thinkpads, come with TPM
>> modules that include hardware RNG's.  That's ultimately the best way
>> to solve these issues.
> 
> Just how random are they?  Do they turn out to be quite predictable if 
> you're IBM?

The typical RNG is a noise diode or other similar hardware using thermal 
noise, so it's unlikely that anyone but God could predict it. There are 
some USB devices which supposedly use radioactive decay, I'm unsure if 
that's better but I don't want to carry the dongle in my pants pocket. 
The hotbits network site uses radioactive decay to generate it's numbers.

-- 
Bill Davidsen <davidsen@tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot