[Cryptech Tech] trng ready for play

Joachim Strömbergson joachim at secworks.se
Mon Oct 6 07:25:32 UTC 2014

Randy Bush wrote:
>> (2) Have the entropy providers provide an estimate of their current
>> rate as a readable value to SW.
> 
> beware insertion of a lie by attacker so you try to pull more than it
> can push

Then you are assuming that the FPGA has been subverted, and this is the
method of attacking. Not killing the entropy generation AND killing the
test system.

And trying to pull more than it can push actually would be ok. The
collector will just wait for the entropy provider until it can deliver.
Or a timeout happens, whatever comes first.

If the upper layers are subverted they could instead set the timeout
values to something ridiculously long and then kill the entropy thus
causing a livelock.

Yes we need to carefully consider possible attack vectors and have
layered security. But sometimes we probably need to just accept that
there is a tradeoff between different attack vectors.

Let me flip the question around. Given that we need to wait for an
entropy provider to actually provide a word of data, how do you suggest
that we deal with the potential livelock hazard in a secure manner that
can't be subverted?

I have suggested:
(1) The mixer has a predefined fixed value that can't be changed. This
works, but we risk having a lot of timeouts if the entropy source rate
decreases. Alternatively, reseed will take a long time.

(2) Having settable rates in the mixer via the API. Then that can be
used either as part of a DoS or to cause massive timeouts.

(3) Having the entropy provider automatically suggest to the mixer what
rate is currently appropriate. No API adjustment. But then the mixer
loses control of the timeout. And you therefore rejected that idea too.

-- 
Best regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
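A toy model of the timeout tradeoff discussed in this message, added here as an illustration and not code from the Cryptech project or from anyone in the thread. The cycle counts, the "wait twice the claimed period" rule used for option (3), and the provider scenarios are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Option (1): timeout hard-wired into the mixer, in clock cycles (constructed value).
FIXED_TIMEOUT = 1_000


@dataclass
class Provider:
    """Entropy provider that delivers one word every `period` cycles.
    `claimed_period` is the rate estimate it exposes to the mixer (option 3);
    a subverted provider may report anything here. period=inf models a
    source that has been killed and never delivers a word."""
    period: float
    claimed_period: int


def fixed_timeout(p: Provider) -> float:
    """Option (1): the mixer ignores whatever the provider claims."""
    return FIXED_TIMEOUT


def suggested_timeout(p: Provider) -> float:
    """Option (3): the mixer waits twice the period the provider reports."""
    return 2 * p.claimed_period


def collect(p: Provider, words: int, policy: Callable[[Provider], float]):
    """Pull `words` words from p, waiting at most policy(p) cycles per word.
    Returns (words_collected, timeouts, total_cycles_spent)."""
    collected = timeouts = 0
    cycles = 0.0
    for _ in range(words):
        budget = policy(p)
        if p.period <= budget:       # the word arrives before the timeout
            collected += 1
            cycles += p.period
        else:                        # the timeout fires first
            timeouts += 1
            cycles += budget
    return collected, timeouts, cycles


if __name__ == "__main__":
    honest = Provider(period=100, claimed_period=100)
    slowed = Provider(period=5_000, claimed_period=5_000)         # honest but slow
    killed = Provider(period=float("inf"), claimed_period=10**9)  # lies, then dies
    for name, p in [("honest", honest), ("slowed", slowed), ("killed", killed)]:
        print(name, "fixed:", collect(p, 8, fixed_timeout),
              "suggested:", collect(p, 8, suggested_timeout))
```

With the fixed timeout the slowed source times out on every word (the drawback of option 1), while with the suggested timeout the killed-and-lying source holds the collector for 1.6e10 cycles, which is the livelock the message warns about.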