Mark Ward, reporting for the BBC:
“This seemed like just an interesting problem when we got started but as we went on it got scary,” said security analyst Bruce Potter who, along with researcher Sasha Moore, carried out the study that was presented at the Black Hat security event in Las Vegas.
From the “Entropy” entry at Wikipedia:
The Linux kernel generates entropy from keyboard timings, mouse movements, and IDE timings and makes the random character data available to other operating system processes through the special files /dev/random and /dev/urandom.
The seed needed by pseudorandom number generators comes from this pool of data. If the pool is to small, the server can not generate a truly random seed, thus weakening/compromising the whole cryptographic process.
UPDATE (August 12, 2015): Looks like this problem is not new. Thanks to Major Hayden, it already arose eight years ago and solutions were already provided (comments section).
Monday, August 10, 2015
Copyright © 2015-2018 Selected Links | RSS | Twitter | Linked list