[FYI][Linux/Kernel] Poor entropy estimation in /dev/random
Florian Weimer
Florian.Weimer@RUS.Uni-Stuttgart.DE
Mon Oct 15 17:58:02 2001
"Huels, Ralf SCORE" <Ralf.Huels@schufa.de> writes:
> Florian Weimer reports on RUS-CERT that there might be a problem with
> random number generation using /dev/random on Linux systems:
>
> http://cert.uni-stuttgart.de/ticker/article.php?mid=500
>
> Don't follow this link if you don't read German. Florian, is there an
> English version available?
No, there isn't. We don't think the problem is worth a
translation. ;-)
You can follow the links in the article and read the original
discussions on linux-kernel.
http://groups.google.com/groups?selm=fa.pd969fv.dlefiu%40ifi.uio.no&output=gplain
http://groups.google.com/groups?&selm=linux.kernel.20011001105927.A22795%40turbolinux.com
Summary: There are two defects in the /dev/random implementation:
entropy estimates for the data sources seem to be too high, and when
some entropy is retrieved from the kernel pool, the estimate of the
remaining entropy is rather close to zero, regardless of how many bytes
have been retrieved, so quite a bit of entropy is discarded
unnecessarily.
> Anyone care to comment on the practical relevance to Linux/GnuPG users?
I don't think it impacts most users. In order to mount an attack, one
has to know a lot about SHA-1 (provided that /dev/random is correctly
implemented here), and such knowledge is not publicly available at the
moment. For most users, this problem is similar to the famous "world
spins into wrong direction" bug, except that it's security-related
software and that we know now that hardly anyone cared to audit this
code so far. (BTW, it's far from clear that SHA-1 has got all the
properties required in this context.)
The proposed changes (later on in the second thread) may be of great
help in unattended key generation because more entropy is made
available per time period.
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
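The second defect in the summary above (the pool's entropy estimate dropping to near zero after any extraction, whatever its size) is easiest to see in a toy accounting model. The following C program is an added illustration written for this page, not the kernel's code and not Florian Weimer's; the 4096-bit pool size, the 64-bit credit per input event, and modelling "close to zero" as exactly zero are assumptions made for the example. It contrasts that reset behaviour with the intended accounting (debit 8 bits per byte extracted) and counts how many blocking 16-byte reads each scheme can serve from the same inputs.

```c
/* Toy model of /dev/random entropy accounting.
 * Constructed illustration for this page, not the Linux kernel's code.
 * Assumptions: 4096-bit pool, "near zero" after a reset modelled as 0. */
#include <stdio.h>

#define POOL_BITS 4096   /* assumed pool capacity in bits */

struct pool {
    int entropy_bits;    /* kernel's estimate of unextracted entropy */
};

/* Credit entropy from an input event, clamped to the pool size. */
void credit_entropy(struct pool *p, int bits) {
    p->entropy_bits += bits;
    if (p->entropy_bits > POOL_BITS)
        p->entropy_bits = POOL_BITS;
}

/* Update the estimate after extracting nbytes.
 * reset_model = 1: the behaviour described in the message, the estimate
 *                  drops to (near) zero regardless of how much was taken.
 * reset_model = 0: the intended accounting, 8 bits debited per byte.
 * Returns how many entropy bits were discarded beyond those consumed. */
int extract_entropy(struct pool *p, int nbytes, int reset_model) {
    int consumed = 8 * nbytes;
    int before = p->entropy_bits;
    int remaining_true = before > consumed ? before - consumed : 0;

    if (reset_model)
        p->entropy_bits = 0;
    else
        p->entropy_bits = remaining_true;

    return remaining_true - p->entropy_bits;
}

/* Bits thrown away by a single extraction of nbytes from a pool holding
 * start_bits, under the chosen accounting model. */
int discarded(int start_bits, int nbytes, int reset_model) {
    struct pool p = { start_bits };
    return extract_entropy(&p, nbytes, reset_model);
}

/* Simulate blocking reads: a read of nbytes completes only when the
 * estimate is at least 8*nbytes; otherwise the reader waits for input
 * events, each credited bits_per_event. Returns the number of reads
 * completed before the supply of events runs out. */
int reads_served(int start_bits, int events, int bits_per_event,
                 int nbytes, int reset_model) {
    struct pool p = { start_bits };
    int reads = 0;

    for (;;) {
        while (p.entropy_bits < 8 * nbytes && events > 0) {
            credit_entropy(&p, bits_per_event);
            events--;
        }
        if (p.entropy_bits < 8 * nbytes)
            break;                     /* would block forever: stop */
        extract_entropy(&p, nbytes, reset_model);
        reads++;
    }
    return reads;
}

int main(void) {
    printf("16-byte read from a full pool discards: reset=%d linear=%d bits\n",
           discarded(POOL_BITS, 16, 1), discarded(POOL_BITS, 16, 0));
    printf("16-byte reads from a full pool, no new events: reset=%d linear=%d\n",
           reads_served(POOL_BITS, 0, 64, 16, 1),
           reads_served(POOL_BITS, 0, 64, 16, 0));
    printf("with 10 input events of 64 bits each: reset=%d linear=%d\n",
           reads_served(POOL_BITS, 10, 64, 16, 1),
           reads_served(POOL_BITS, 10, 64, 16, 0));
    return 0;
}
```

In the reset model a single 16-byte read from a full pool throws away 3968 bits of credited entropy, and a blocking reader then stalls until fresh input events arrive; with per-byte debiting the same pool serves 32 such reads before any new event is needed. This is the effect the message points to for unattended key generation: the available entropy per time period is governed by the accounting, not only by the input sources.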