|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] HOWTO: Find a purpose for Garrison Keillor
|
Hi:
* Matthew Rosewarne <mukidohime@case.edu> [2007-03-04 14:20:39 -0500]:
> On Sunday 04 March 2007 09:43, Walt Mankowski wrote:
> > I think you should consider why they're recommending you fill the disk
> > with random bits. I imagine it's to make it difficult for an attacker
> > to tell the the difference between allocated and unallocated sectors
> > of the disk. Of course there is some pattern to the pseudo-random
> > numbers, but remember a) the period for random(3) is greater than 34
> > billion, b) as data is written to the disk it will be scattered
> > throughout the sectors and throw off the pattern anyway, and c) there
> > would surely be patterns in the radio stream too (applause, Powder Milk
> > Biscuit ads, etc.).
> Yes, deniability is the idea behind randomising the disk. However, the reason
> I'm using this Daemon instead of simply "cat /dev/dsp > /dev/sda" is because
> it doesn't simply write the audio data, just like the kernel's existing
> entropy drivers don't just write network traffic & keyboard input. The
> daemon measures the difference between the left & right channels (hence the
> need for stereo) and runs the result through various scrambling operations (I
> think SHA-1 is one operation). The resulting random data stream, while it
> certainly won't be much of a workout for your disk, is a great deal larger
> than what you might get from other sources. Try it and see.
>
> Of course, what would be much better would be to use a real hardware RNG, but
> unfortunately an FM radio is more in my price range...
All recent VIA processors have h/w RNGs built-in, and Linux has support for
them (the processors, and the RNGs). VIA claims bandwidth of 12M random
numbers / second without defining what "numbers" are. Worst-case, I guess
they mean number=bit; that would fill your 80G drive in about 14 hours.
http://www.via.com.tw/en/initiatives/padlock/features.jsp#rng
They're cheap too, but probably not as cheap as a radio; sorry.
> > > That's a cute hack, but it seems like overkill to me. All you really
> > > need is enough entropy to seed your random number generator, then
> > > generate the actual random data with that.
> Well, the actual random data has to come from somewhere, and /dev/random
> blocks unless it actually has entropy to provide. Most people recommend
> using /dev/urandom which is closer to that approach, but I'm in no hurry.
>
> > > * How often would someone not have any keyboard or net activity, but
> > > have physical access to the machine with a radio?
> It's not really a question of access, but utility. I wouldn't really be able
> to _use_ this machine much while I'm wiping its disk, so there wouldn't be
> any keyboard input or network traffic to gather. Even if I were using the
> machine the amount of entropy that would generate would take forever to fill
> that disk.
>
> I'm considering also running bittorrent on the machine for some more entropy,
> but I'm sure that won't provide nearly as much. Also, since I can't use the
> hard disk I won't be able to use much space for torrents.
>
> > > * What do you have against Prairie Home Companion, anyway?
> My problem is that NPR is IMO the only decent thing on the radio, that is
> unless they're playing Keillor's inane, faux-folk claptrap. The same applies
> to This American Life too. I personally couldn't think of a better source of
> random garbage data than either of these shows.
Hold on now, Ira Glass >> GK... but I prefer Car Talk over both of them.
Regards,
--
Mark M. Hoffman
mhoffman@lightlink.com
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|