Bill Frantz | 6 Oct 2004 00:03

Re: Making privilegedScope["entropy"] safer

At 1:23 PM -0700 10/5/04, David Wagner wrote:
>Kevin Reid writes:
>>On Oct 5, 2004, at 14:51, Bill Frantz wrote:
>>> At 4:47 AM -0700 10/5/04, Kevin Reid wrote:
>>> Gathering entropy is unlike most computing where if you allow garbage
>>> input, you get garbage output.  With entropy, if you have N sources of
>>> input, and N-1 of them are bad, the single good input source allows
>>> you to have good output.
>[...]
>>> Note that a hostile program can attack the estimate of available entropy
>>> by calling setSeed/2 with high estimates of the available entropy.
>>> It might be wise to suppress this method to prevent this attack.
>>
>>If this is true, surely it is equally possible to do so with setSeed/1?
>>
>>setSeed/1 "assumes 1 bit of entropy for each byte of the seed", according
>>to its documentation.
>
>I would think one reasonable thing to do might be to replace both
>setSeed/1 and setSeed/2 with wrappers as follows (in pseudo-Java):
>
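>  void setSeed_tamed(long seed) {
>    byte[] b = new byte[8];
>    // convert the long to a byte array (big-endian)
>    for (int i = 0; i < 8; i++) {
>      b[i] = (byte) (seed >>> (56 - 8 * i));
>    }
>    setSeed(b, 0);
>  }
>  void setSeed_tamed(byte[] seed) {
>    setSeed(seed, 0);
>  }
>  void setSeed_tamed(byte[] seed, int entropy) {
>    // the caller's entropy claim is ignored
>    setSeed(seed, 0);
>  }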
>
>If you could then make the original setSeed/1 and setSeed/2 available
>only to trusted entities (e.g., whoever constructs the entropy object
>can bump up the entropy count), but give everyone else access only to
>the wrapped interfaces (which don't allow callers to manipulate the
>entropy estimate), would that do it?
>
>What do you think?

As far as I know, the estimate of entropy is only used to ensure that
"enough" (160 bits) entropy has been gathered before giving out random
numbers, and to protect against state compromise extension attacks (ref:
David Wagner's review); this solution should cover the whole issue.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | "So long as we govern our nation by the letter and
(408)356-8506      | spirit of the Bill of Rights, we can be sure that our
www.pwpconsult.com | nation will grow in strength and wisdom and freedom."
                   |    - Harry S. Truman
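
The wrapper arrangement discussed in this message, shown as an added example that is not part of the original thread or of the E code base. `EntropyPool`, `TamedEntropy` and the SHA-256 mixing step are assumptions made for illustration; the 160-bit threshold is the figure given in the reply above.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;

public class TamedEntropyDemo {
    // Hypothetical stand-in for the entropy object; not the real class from the thread.
    static class EntropyPool {
        static final int REQUIRED_BITS = 160;    // threshold named in the reply above
        private byte[] state = new byte[32];
        private int estimateBits = 0;

        // Privileged setSeed/2: the caller's estimate is credited to the pool.
        synchronized void setSeed(byte[] seed, int entropyBits) throws Exception {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(state);
            md.update(seed);
            state = md.digest();                  // hash new input into the existing state
            estimateBits = (int) Math.min(REQUIRED_BITS,
                    (long) estimateBits + Math.max(0, entropyBits));
        }
        synchronized boolean ready() { return estimateBits >= REQUIRED_BITS; }
        synchronized int estimate() { return estimateBits; }
    }

    // Facet handed to untrusted code: seeds are mixed in but always credited 0 bits.
    static class TamedEntropy {
        private final EntropyPool pool;
        TamedEntropy(EntropyPool pool) { this.pool = pool; }
        void setSeed(long seed) throws Exception {
            setSeed(ByteBuffer.allocate(Long.BYTES).putLong(seed).array());
        }
        void setSeed(byte[] seed) throws Exception { pool.setSeed(seed, 0); }
        void setSeed(byte[] seed, int claimedBits) throws Exception { pool.setSeed(seed, 0); }
    }

    public static void main(String[] args) throws Exception {
        EntropyPool pool = new EntropyPool();
        TamedEntropy untrusted = new TamedEntropy(pool);

        untrusted.setSeed(new byte[] {1, 2, 3}, 1000);   // inflated claim is ignored
        untrusted.setSeed(42L);
        System.out.println("after untrusted seeds: " + pool.estimate()
                + " bits, ready=" + pool.ready());

        byte[] trustedSample = new byte[20];   // constructed sample; a real source goes here
        pool.setSeed(trustedSample, 160);      // only the pool's creator holds this reference
        System.out.println("after trusted seed: " + pool.estimate()
                + " bits, ready=" + pool.ready());
    }
}
```

Untrusted callers receive only the `TamedEntropy` reference, so their input still reaches the pool but cannot move the estimate that gates output.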
