| Matthew Rosewarne on 4 Mar 2007 19:21:03 -0000 |
|
On Sunday 04 March 2007 09:43, Walt Mankowski wrote: > I think you should consider why they're recommending you fill the disk > with random bits. I imagine it's to make it difficult for an attacker > to tell the the difference between allocated and unallocated sectors > of the disk. Of course there is some pattern to the pseudo-random > numbers, but remember a) the period for random(3) is greater than 34 > billion, b) as data is written to the disk it will be scattered > throughout the sectors and throw off the pattern anyway, and c) there > would surely be patterns in the radio stream too (applause, Powder Milk > Biscuit ads, etc.). Yes, deniability is the idea behind randomising the disk. However, the reason I'm using this Daemon instead of simply "cat /dev/dsp > /dev/sda" is because it doesn't simply write the audio data, just like the kernel's existing entropy drivers don't just write network traffic & keyboard input. The daemon measures the difference between the left & right channels (hence the need for stereo) and runs the result through various scrambling operations (I think SHA-1 is one operation). The resulting random data stream, while it certainly won't be much of a workout for your disk, is a great deal larger than what you might get from other sources. Try it and see. Of course, what would be much better would be to use a real hardware RNG, but unfortunately an FM radio is more in my price range... > > That's a cute hack, but it seems like overkill to me. All you really > > need is enough entropy to seed your random number generator, then > > generate the actual random data with that. Well, the actual random data has to come from somewhere, and /dev/random blocks unless it actually has entropy to provide. Most people recommend using /dev/urandom which is closer to that approach, but I'm in no hurry. > > * How often would someone not have any keyboard or net activity, but > > have physical access to the machine with a radio? It's not really a question of access, but utility. I wouldn't really be able to _use_ this machine much while I'm wiping its disk, so there wouldn't be any keyboard input or network traffic to gather. Even if I were using the machine the amount of entropy that would generate would take forever to fill that disk. I'm considering also running bittorrent on the machine for some more entropy, but I'm sure that won't provide nearly as much. Also, since I can't use the hard disk I won't be able to use much space for torrents. > > * What do you have against Prairie Home Companion, anyway? My problem is that NPR is IMO the only decent thing on the radio, that is unless they're playing Keillor's inane, faux-folk claptrap. The same applies to This American Life too. I personally couldn't think of a better source of random garbage data than either of these shows. Attachment:
pgpiOCqAeXIZP.pgp ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|