RE: DIGEST-MD5 and {nonce,cnonce}

["Kurt D. Zeilenga" <kurt@boolean.net>]

At 06:21 PM 10/25/99 -0700, Howard Chu wrote:
>, and we're talking about securing an authentication
>mechanism for a critical system service.

Yes.  Strong authentication requires both clients and servers to have
quality sources of entropy.

>I think it's fair to demand special
>privileges to support such an environment.

No, it's not.  Neither client nor server may have special priviledges.

>As for swap itself - probably it
>would be more interesting to read /dev/mem or /dev/kmem.

Regardless of how good or bad of source these devices are,
it's just too much of a security risk to open them.

>It shares some of
>the weaknesses of other methods that rely on ps output or other sequences of
>Unix commands.

And I hope we avoid these approaches as well.  

>On a very quiescent machine, a very idle server, the total
>content of physical memory might be fairly constant. But on a system with at
>least two or three actively running processes, you should be able to pull
>fairly unpredictable values out of the heap, stack, and program counters, as
>well as any other state that is maintained during context switches.

Though a computer systems has very low entropy, that is, it is
highly orderred, I concur that you likely could extract reasonable
entropy from system memory.  A sound approach would to compute a
MD5 hash of the WHOLE contents of memory.

However, bits choosen at random will have low entropy.
To demonstrate this, how about a little wager.  I will bet you
a penny per bit that I can guess values of randomly choosen
bits from /dev/mem.  How many bits would you like to play
for?  Oh, by the way, I guess zero for all bits.  :-)

Kurt

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>