noloader at gmail
Aug 19, 2012, 3:51 PM
Post #7 of 16
On Sun, Aug 19, 2012 at 6:12 PM, Dan Kaminsky <dan [at] doxpara> wrote:
> On Sun, Aug 19, 2012 at 3:03 PM, Ben Laurie <ben [at] links> wrote:
>> On Sun, Aug 19, 2012 at 9:28 PM, Dan Kaminsky <dan [at] doxpara> wrote:
>> > On Sun, Aug 19, 2012 at 10:13 AM, Ben Laurie <ben [at] links> wrote:
>> >> On Sun, Aug 19, 2012 at 5:42 PM, Dan Kaminsky <dan [at] doxpara> wrote:
>> >> > entropy gathering has gotten *worse* (via abandonment of interrupts),
>> >> > not
>> >> > better.
>> >> Entropy gathering in _one particular OS_. Credit where its due, please.
>> > My understanding is that bad keys were detected on more than just Linux,
>> > which implies starvation on everything on everything not out of Redmond.
>> > What interesting approaches are you aware of that deserve credit? Not a
>> > rhetorical question, I'm genuinely curious.
>> I was referring to the abandonment of interrupts in Linux. You think
>> that other OSes have got worse at entropy gathering? And when did
>> "more than Linux" start implying "not Windows"?
> My assumption is that the other Unixes weren't looking at interrupt timing
> to begin with, i.e. they've always been as starved for entropy as Linux
> eventually became. That being said, does VXWorks even *have* an OS provided
> strong random number generator?
> Windows has CryptGenRandom, which AFAIK doesn't block, and survives
> everything but VM suspend/restore.
A bit dated:
* Analysis of the Linux Random Number Generator, eprint.iacr.org/2006/086.pdf
* Cryptanalysis of the Random Number Generator of the Windows
Operating System, eprint.iacr.org/2007/419.pdf
Most recent analysis of Linux RNG (AFAIK):
* Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/