@Lookatableflip @sophieschmieg /dev/random isn't software only
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 04-Jan-2025 22:02:29 JST
Ryan Castellucci (they/them) :nonbinary_flag:
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 04-Jan-2025 21:53:58 JST
Ryan Castellucci (they/them) :nonbinary_flag:
It would be really funny if this was used to generate cryptocurrency keys.
FWIW, you can do a serviceable "software only" TRNG based on comparing the jitter of two clock sources.
This is some "Poe's law" stuff, could be satire, could be deranged tech bro.
Via @sophieschmieg
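Ryan's "compare the jitter of two clock sources" idea, as an added illustration that is not part of the thread or anyone's project: harvest the disagreement between a wall-clock and a CPU-time clock, estimate how much entropy was actually collected before trusting it, and only then hash it into a seed. The sampler, estimator and thresholds are my assumptions; the most-common-value estimate is only meaningful if samples are roughly independent, and the hash cannot add entropy that was not collected.

```python
"""Toy 'software only' TRNG built on clock jitter. Teaching example only:
real key generation should use the OS CSPRNG (os.urandom / getrandom)."""
import hashlib
import time
from collections import Counter
from math import log2


def jitter_sample(spin=200):
    """One sample: time a fixed busy loop on two different clocks
    (monotonic wall-clock vs. process CPU time). Scheduling, interrupts,
    cache misses and frequency scaling make the clocks disagree, and the
    low bits of that disagreement are the jitter being harvested."""
    w0, c0 = time.perf_counter_ns(), time.process_time_ns()
    x = 0
    for i in range(spin):
        x ^= i  # busy work the interpreter will not optimise away
    w1, c1 = time.perf_counter_ns(), time.process_time_ns()
    return ((w1 - w0) - (c1 - c0)) & 0xFF


def min_entropy_per_sample(samples):
    """Conservative min-entropy estimate, -log2(p_max), i.e. the
    most-common-value estimator; assumes roughly i.i.d. samples."""
    if not samples:
        return 0.0
    p_max = Counter(samples).most_common(1)[0][1] / len(samples)
    return -log2(p_max)


def condition(samples):
    """Whiten the raw samples with a hash. Output strength is bounded by
    the entropy that went in, and by 256 bits, whichever is smaller."""
    return hashlib.sha256(bytes(samples)).digest()


def harvest_seed(target_bits=256, batch=256, max_batches=64,
                 sampler=jitter_sample):
    """Collect batches until the estimated entropy reaches target_bits,
    then return a conditioned 32-byte seed. Returns None if the clocks
    never disagree enough (a deterministic emulator, a pinned VM, a
    coarse clock), rather than handing back a weak seed."""
    pool, est_bits = [], 0.0
    for _ in range(max_batches):
        samples = [sampler() for _ in range(batch)]
        pool.extend(samples)
        est_bits += min_entropy_per_sample(samples) * len(samples)
        if est_bits >= target_bits:
            return condition(pool)
    return None
```

The `sampler` argument exists so the entropy check can be exercised with a constant or scripted source, which is exactly the failure mode the thread is about.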
David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Saturday, 04-Jan-2025 22:54:15 JST
David Chisnall (*Now with 50% more sarcasm!*)
@ryanc @Lookatableflip @sophieschmieg That depends a lot on the system. It will use all of the entropy sources available to the kernel. On modern systems, that typically includes at least one hardware entropy source. These are often a set of free-running ring oscillators, which then feed into some cryptographic hash function for whitening.
Without these, it will use much weaker things. The contents of the password file, the hash of the kernel binary, the cycle count at the time interrupts fire or devices are attached, and so on.
There have been some high-profile vulnerabilities from embedded devices that did things like generating private keys on first boot, with deterministic device attach time, and ended up with a handful of different private keys across the entire device fleet.
Citty (citty@infosec.exchange)'s status on Saturday, 04-Jan-2025 23:21:28 JST
Citty
@ryanc @sophieschmieg If I had the resources and wasn't the kind of person they'd probably call a FUDer at best, I wonder how they'd respond to "I have X thousand dollars, all you have to do is release a paper that proves it works"
Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Sunday, 05-Jan-2025 02:59:26 JST
Sophie Schmieg
@david_chisnall @ryanc @Lookatableflip and don't forget the whole Debian random number generator debacle. That was probably one of the motivating factors for adding RDRAND and friends to modern CPUs.
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 05-Jan-2025 02:59:26 JST
Ryan Castellucci (they/them) :nonbinary_flag:
@sophieschmieg @david_chisnall @Lookatableflip I don't consider interrupt timing to be "software only", fwiw.
David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 05-Jan-2025 05:43:32 JST
David Chisnall (*Now with 50% more sarcasm!*)
@ryanc @sophieschmieg @Lookatableflip I guess it’s not pure software, but anything running on a real computer has a hardware component. The randomness bit is pure software, using whatever it can from the environment as entropy sources, but none of the entropy sources alone (without a hardware random number generator) has enough entropy to be useful, and interrupt timings can sometimes be under attacker control (some fun attacks from the ‘90s involved sending packets at specific timing to influence the entropy collection).
Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Sunday, 05-Jan-2025 22:38:28 JST
Ryan Castellucci (they/them) :nonbinary_flag:
@david_chisnall @sophieschmieg @Lookatableflip And thus the "AI" solution is not pure software either.
Deep down, it's relying on a PRNG seeded from something.