On Sun, May 1, 2022 at 6:35 PM Emmanuel Deloget <log...@free.fr> wrote:
>
> > > - RNG is seeded and credited using file A.
> > > - File A is unlinked but not fsync()d.
> > > - TLS connection does something and a nonce is generated.
> > > - System loses power and reboots.
> > > - RNG is seeded and credited using same file A.
> > > - TLS connection does something and the same nonce is generated,
> > > resulting in catastrophic cryptographic failure.
> > >
> > > This is a big deal. Crediting seeds is not to be taken lightly.
> > > Crediting file-based seeds is _only_ safe when they're never used
> > > twice.
> >
> > Using the same file twice is better than having nothing at all.
>
> I beg to differ, and especially on some embedded systems where the RNG
> might be quite controllable by an attacker from the outside (mostly because
> it lacks a lot of entropy crediting inputs, which is exactly the reason why we
> need seedrng in the first place). This may lead to catastrophic cryptography
> failures down the road.
Did you personally encounter such a situation? I'm not implying it's not really happening, I'm interested to hear from people who met this situation in the real world.

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
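The failure sequence quoted in the thread above, as an added simulation that is not part of the thread or of seedrng's own code: a toy disk whose writes and unlinks only become durable on fsync(), so a boot that credits the seed before the unlink is durable reproduces the same nonce after a power loss, while syncing first does not. The Disk, drbg, boot and simulate names are constructed for the illustration, and the HMAC-based drbg stands in for the kernel pool.

```python
import hashlib
import hmac


class Disk:
    """Toy storage: writes and unlinks sit in a volatile cache until fsync()."""
    def __init__(self, files):
        self.durable = dict(files)  # state that survives a power loss
        self.cache = dict(files)    # state the running system sees

    def read(self, name):
        return self.cache.get(name)

    def write(self, name, data):
        self.cache[name] = data

    def unlink(self, name):
        self.cache.pop(name, None)

    def fsync(self):
        self.durable = dict(self.cache)  # pending changes become durable

    def power_loss(self):
        self.cache = dict(self.durable)  # unsynced changes are lost


def drbg(seed, label):
    """Deterministic output from a credited seed (HMAC stand-in for the pool)."""
    return hmac.new(seed, label, hashlib.sha256).digest()[:12]


def boot(disk, sync_before_credit):
    """One boot: consume seed file A, credit it, draw a TLS nonce, write a new seed."""
    seed = disk.read("A")
    if seed is None:
        return None  # nothing to credit on this boot
    disk.unlink("A")  # the file must never be used twice ...
    if sync_before_credit:
        disk.fsync()  # ... which only holds once the unlink is durable
    nonce = drbg(seed, b"tls-client-random")
    disk.write("A", drbg(seed, b"next-seed"))  # fresh seed for the next boot
    if sync_before_credit:
        disk.fsync()
    return nonce


def simulate(sync_before_credit):
    """Boot, lose power, boot again; return the nonce drawn on each boot."""
    disk = Disk({"A": b"constructed-seed-file-contents"})  # constructed sample
    first = boot(disk, sync_before_credit)
    disk.power_loss()
    second = boot(disk, sync_before_credit)
    return first, second
```

simulate(False) returns the same nonce twice; simulate(True) returns two distinct nonces.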