[cryptography] Kernel space vs userspace RNG

Luca Testoni info at lucatestoni.it
Mon May 9 05:37:28 EDT 2016


On 06/05/2016 19:48, Russell Leidich wrote:

> But to answer your question, if we assume that the TRNG resides in the
> kernel, I see no way in which an acoustic attack could defeat it, even
> if the implementation sourced its randomness exclusively from the
> microphone, as too much audio precision would be required to create a
> predictable byte stream of any significant length in a realistic server
> environment with lots of fan noise and multipath arrival issues. So
> unless you're trying to attack a purely audio TRNG in a recording studio
> -- and probably not even then -- this route seems hopeless.
> Alternatively, you could try to attack a timer-based TRNG by shooting
> sound at the booting machine in the hopes that the sound device would
> send incoming sample packets to main memory on a predictable schedule,
> but this, too, seems hopeless because even ensuring timing correlation
> between timestamp counters on different cores is a perpetual annoyance
> to software developers; hoping to sync the audio and core clocks is much
> harder. The very existence of the RDTSCP instruction, which reads the
> timestamp on a specified core, is evidence of this difficulty.

Maybe could be attacked conversely, by an acoustic isolation of the
entropy noise sound device?





More information about the cryptography mailing list