RE: DIGEST-MD5 and {nonce,cnonce}
At 06:21 PM 10/25/99 -0700, Howard Chu wrote:
>, and we're talking about securing an authentication
>mechanism for a critical system service.
Yes. Strong authentication requires both clients and servers to have
quality sources of entropy.
>I think it's fair to demand special
>privileges to support such an environment.
No, it's not. Neither client nor server may have special privileges.
>As for swap itself - probably it
>would be more interesting to read /dev/mem or /dev/kmem.
Regardless of how good or bad a source these devices are,
it's just too much of a security risk to open them.
>It shares some of
>the weaknesses of other methods that rely on ps output or other sequences of
>Unix commands.
And I hope we avoid these approaches as well.
>On a very quiescent machine, a very idle server, the total
>content of physical memory might be fairly constant. But on a system with at
>least two or three actively running processes, you should be able to pull
>fairly unpredictable values out of the heap, stack, and program counters, as
>well as any other state that is maintained during context switches.
Though a computer system has very low entropy, that is, it is
highly ordered, I concur that you likely could extract reasonable
entropy from system memory. A sound approach would be to compute an
MD5 hash of the WHOLE contents of memory.
However, bits chosen at random will have low entropy.
To demonstrate this, how about a little wager. I will bet you
a penny per bit that I can guess values of randomly chosen
bits from /dev/mem. How many bits would you like to play
for? Oh, by the way, I guess zero for all bits. :-)
Kurt
----
Kurt D. Zeilenga <kurt@boolean.net>
Net Boolean Incorporated <http://www.boolean.net/>
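
Added example, not part of the original message: a sketch of the wager above, played against a constructed buffer that stands in for a memory image (mostly zero bytes with a few live ones), alongside the whole-buffer MD5 the message suggests. The buffer layout, sizes, seeds and function names are assumptions made for illustration; nothing here reads /dev/mem.

```python
import hashlib
import math
import random

def build_constructed_memory(size=1 << 16, live_fraction=0.05, seed=1999):
    """Constructed stand-in for a memory image: zero-filled, with a few live bytes."""
    rng = random.Random(seed)
    mem = bytearray(size)
    for _ in range(int(size * live_fraction)):
        mem[rng.randrange(size)] = rng.randrange(256)
    return mem

def zero_guess_win_rate(mem, samples=20000, seed=7):
    """Play the wager: sample random bit positions and always guess 0."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(samples):
        pos = rng.randrange(len(mem) * 8)
        bit = (mem[pos // 8] >> (pos % 8)) & 1
        wins += (bit == 0)
    return wins / samples

def min_entropy_per_bit(p_best_guess):
    """Min-entropy (in bits) of one sampled bit, given the best guess's success rate."""
    return -math.log2(p_best_guess)

def whole_memory_digest(mem):
    """MD5 over the WHOLE buffer, as the message proposes.

    Hashing concentrates whatever unpredictability the input holds into
    128 bits; it does not add any that the input lacks.
    """
    return hashlib.md5(bytes(mem)).hexdigest()

if __name__ == "__main__":
    mem = build_constructed_memory()
    rate = zero_guess_win_rate(mem)
    print(f"guess-zero win rate:        {rate:.4f}")
    print(f"min-entropy per sampled bit: {min_entropy_per_bit(rate):.4f} bits")

    before = whole_memory_digest(mem)
    mem[12345] ^= 0x01  # one bit of state changes somewhere in the image
    after = whole_memory_digest(mem)
    print(f"digest before: {before}")
    print(f"digest after:  {after}")
```
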