Re: randomdev entropy gathering is really weak

[Mark Murray]

> : If the attacker is on your computer (he us a user, say), he might know
> : a lot about the current frequency of your xtal. He can also get the same
> : (remote) time offsets as you. What does that give him? Not much, but it
> : could reduce the bits that he needs to guess. By how much? I don't
> : know.
> 
> I don't know the answers to that either.
> 
> Of course, if the attaker has root access to your machine, then you
> have bigtime problems with keeping the random bits secret anyway...

My scenario assumed that the attacker/user was not root. Of course if
he is root, he knows a bit more, but even a non-root attacker can make
a statistical study of the local clock and some hand-rolled ntp code.

(I'm not suggesting it is easy, just possible :-) )

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message