Linux RNG May Be Insecure After All is translated

will.qian 2013-10-16 21:23:01 +08:00
parent ec167c07f9
commit a221a157a1
2 changed files with 17 additions and 18 deletions


@ -1,18 +0,0 @@
will.qian is translating this article.
Linux RNG May Be Insecure After All
================================================================================
> As a followup to Linus's [opinion people skeptical of the Linux random number generator][1], a new paper [analyzes the robustness of /dev/urandom and /dev/random][2] . From the paper: 'From a practical side, we also give a precise assessment of the security of the two Linux PRNGs, /dev/random and /dev/urandom. In particular, we show several attacks proving that these PRNGs are not robust according to our definition, and do not accumulate entropy properly. These attacks are due to the vulnerabilities of the entropy estimator and the internal mixing function of the Linux PRNGs. These attacks against the Linux PRNG show that it does not satisfy the "robustness" notion of security, but it remains unclear if these attacks lead to actual exploitable vulnerabilities in practice.'
Of course, you [might not even be able to trust hardware RNGs][3]. Rather than simply proving that the Linux PRNGs are not robust thanks to their run-time entropy estimator, the authors provide a new property for proving the robustness of the entropy accumulation stage of a PRNG, and offer an alternative PRNG model and proof that is both robust and more efficient than the current Linux PRNGs.
--------------------------------------------------------------------------------
via: http://it.slashdot.org/story/13/10/14/2318211/linux-rng-may-be-insecure-after-all
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
[1]:http://linux.slashdot.org/story/13/09/10/1311247/linus-responds-to-rdrand-petition-with-scorn
[2]:http://eprint.iacr.org/2013/338.pdf
[3]:http://slashdot.org/story/13/09/13/1228216/stealthy-dopant-level-hardware-trojans


@ -0,0 +1,17 @@
Linux 随机数生成器可能还是不安全的
================================================================================
> 在 Linus 向那些质疑 Linux 随机数生成器安全性的人们发表了自己的观点之后,现在,一篇新的学术论文[分析了 Linux 中的 /dev/urandom 和 /dev/random 的健壮性][2]。论文中写道:“从实际的角度来说,我们也对 Linux 的两种伪随机数生成器 /dev/random 和 /dev/urandom 的安全性做了精确的评估。特别是,我们展示了几种攻击手段来证明 Linux 中的这两种伪随机数生成器并不符合我们对健壮性的定义,而且熵没有适当地累积起来。这些攻击能起效是由于熵估计器及 Linux 伪随机数生成器的内部混合函数存在弱点。由于这些攻击的存在Linux 的伪随机数生成器并不满足安全学中‘健壮性’这一概念,但是,在实际情况中,我们并不清楚这些攻击手段是否存在真正可利用的漏洞。”
当然,你[甚至可能连硬件随机数生成器都不相信][3]。论文作者们并非只是简单地证明 Linux 伪随机数生成器是不健壮的(通过使用 Linux 的运行时熵估计器),他们提出了一个新的性质用于检验伪随机数生成器的熵累计阶段是否健壮,并且,他们还提供了另一个伪随机数生成器的模型,他们证明,这个模型不仅是健壮的,而且比现有的 Linux 伪随机数生成器更加高效。
--------------------------------------------------------------------------------
via: http://it.slashdot.org/story/13/10/14/2318211/linux-rng-may-be-insecure-after-all
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
译者:[will.qian](https://github.com/willqian) 校对:[校对者ID](https://github.com/校对者ID)
[1]:http://linux.slashdot.org/story/13/09/10/1311247/linus-responds-to-rdrand-petition-with-scorn
[2]:http://eprint.iacr.org/2013/338.pdf
[3]:http://slashdot.org/story/13/09/13/1228216/stealthy-dopant-level-hardware-trojans
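Review bot: The first sentence of the translated quote drops the [1] link that the source attaches to Linus's opinion, so the [1] reference kept at the bottom of the file is defined but never used; wrap the matching phrase, for example [发表了自己的观点][1]. In the second paragraph, "(通过使用 Linux 的运行时熵估计器)" reads as the method the authors used, while the source says the PRNGs are not robust "thanks to their run-time entropy estimator", meaning the estimator is the cause of the weakness; please reword so the estimator is given as the reason. Two smaller points: a comma is missing between 存在 and Linux in "由于这些攻击的存在Linux", and "熵累计阶段" should use 累积 to match "累积起来" in the first paragraph.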