From: Isaac Dupree
Subject: Re: GRUB and network (was Re: GRUB and Google Summer of Code)
Date: Thu, 01 Apr 2010 20:12:09 -0400
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100330 Shredder/3.0.4

On 04/01/10 16:59, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>> There is already some crypto imported for password support so adding enough to have SSL would hopefully not be too difficult.
>
> Not true. Although we have ciphers and hashes we don't have either asymmetric algorithms or a random generator. The first is easy to import but generating random numbers involves gathering entropy which is the cornerstone of network cryptography. Without a good random number generator most SSL algorithms will only make the user happier without adding any security against an attacker.

Is it reasonable to generate some random data during grub-install, and write it to the disk, where GRUB will then use it? Maybe in combination with real-time clock, this can be good enough initial entropy? (But I have not consulted with security research--this is just a guess.)
-Isaac
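
The scheme asked about in this message (an install-time seed on disk, mixed with the real-time clock at boot), sketched as an added example; it is not code from GRUB or from this thread. The function names, the 64-byte seed size and the use of HMAC-SHA256 as the mixer are assumptions, and the write-back step in `next_seed` goes beyond what the message proposes.

```python
import hashlib
import hmac
import os
import struct

SEED_LEN = 64  # assumed size; the message does not specify one


def make_install_seed() -> bytes:
    """Install-time step: take the seed from the installing OS's CSPRNG."""
    return os.urandom(SEED_LEN)


def boot_pool_key(seed: bytes, rtc_seconds: int) -> bytes:
    """Boot-time step: mix the stored seed with the RTC reading.

    The seed is the only secret input. The RTC value is guessable, so it
    only diversifies the output between boots; it adds no secrecy.
    """
    rtc = struct.pack(">Q", rtc_seconds)
    return hmac.new(seed, b"boot" + rtc, hashlib.sha256).digest()


def generate(pool_key: bytes, n: int) -> bytes:
    """Expand the pool key into n bytes with HMAC-SHA256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < n:
        block = struct.pack(">I", counter)
        out += hmac.new(pool_key, b"out" + block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def next_seed(pool_key: bytes) -> bytes:
    """Derive a replacement seed to write back to disk (assumed extra step),
    so the next boot differs even if the RTC repeats or is reset."""
    reseed_key = hmac.new(pool_key, b"reseed", hashlib.sha256).digest()
    return generate(reseed_key, SEED_LEN)


if __name__ == "__main__":
    seed = make_install_seed()
    key = boot_pool_key(seed, 1270167129)  # constructed RTC reading
    print(generate(key, 16).hex())
```

With an unchanged seed and a repeated RTC reading, `boot_pool_key` returns the same key and the output stream repeats, which is the case `next_seed` is there to cover.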