[onerng talk] install & access

ianG iang at iang.org
Tue Oct 28 12:34:29 GMT 2014


On 28/10/2014 11:28 am, Paul Campbell wrote:
> On Tue, 28 Oct 2014 11:05:08 ianG wrote:
> 
>>
>> Once rngd is started and starts reading for feeding, does this cause a
>> capture of the device?
>>
>> Eg., as described below if I open the tty and send the 'get me some RNs'
>> command down it, does it respond nicely to me?  And without being nasty
>> to the rngd?
> 
> well it just starts sending you a random stream of bytes - the more you suck 
> from it the more it provides, empty the internal entropy pool and it stalls 
> until more is available, if you consume data too slowly the data spills xoring 
> into the internal entropy pool continually stirring it


That part is good.

Just musing here, as a potential attack, could I attack another reader
by opening tty and writing cmdX to it?  The other reader will then get
the code dump which is known data.  My attacker could even do it
continuously :)

Thinking about this, there is no way to know which mode it is in.

So another attack would be to sneak in and put an interfering RF thing
close by, then switch it across to raw RF, cmd7.  Although it would have
to be a pretty fierce source given that you're only sampling the last
bit, but hey, that's how these games are played.

Or another attack is to switch it to cmd4,5.  What happens then?  Does a
reader receive anything?  Does it block?


>> Same question for the verification command.
> 
> basically the same - the verification stream has a framing header with a count 
> and a version followed by a memory image


In cmdX, 'size in bytes' refers to the signed firmware image?  'actual
code size' refers to the code firmware image within?

Is it actually a good idea to pad with random data?  In light of above
attack, might be a better idea to pad with the opposite.

Your 'ent' table, would it be helpful to add a row showing perfect
results?  Being 8, 127.5, 10-90, etc...

(I note with amusement that the 'ent' results measure of entropy goes up
with the whitener.  Add more whitener ;)


>>> it's a tty - set it to raw and it listens for commands and responds with a
>>> byte stream
>>
>> Nice!  What is the command set?
> 
> essentially send it the string 'cmd' followed by a character  (this is largely 
> to make the case where 
> 
> there are on/off/flush, crypto mode and an image dump
>  
> details are here:
> 
> http://moonbaseotago.com/onerng/theory.html


OK, reading that.


iang
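
Added example, not part of the original message and not OneRNG project code: one reader-side mitigation for the "another process opens the tty and writes a cmd" case raised above is to claim the device with TIOCEXCL, after which open() by a process without CAP_SYS_ADMIN fails with EBUSY. It assumes Linux; a pseudo-terminal stands in for the device node, and the helper names are hypothetical.

```python
import errno
import fcntl
import os
import termios
import tty


def open_exclusive(path):
    """Open a tty in raw mode and claim it with TIOCEXCL (hypothetical helper)."""
    fd = os.open(path, os.O_RDWR | os.O_NOCTTY)
    try:
        # From here on, open() by a process without CAP_SYS_ADMIN gets EBUSY.
        fcntl.ioctl(fd, termios.TIOCEXCL)
        tty.setraw(fd)
    except Exception:
        os.close(fd)
        raise
    return fd


def release(fd):
    """Drop the exclusive claim, then close the descriptor."""
    fcntl.ioctl(fd, termios.TIOCNXCL)
    os.close(fd)


def second_open_refused(path):
    """True if a further open() of path fails with EBUSY."""
    try:
        fd = os.open(path, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
    except OSError as exc:
        if exc.errno == errno.EBUSY:
            return True
        raise
    os.close(fd)
    return False


def demo():
    """Return (refused while held, refused after release) for a stand-in pty."""
    master, slave = os.openpty()  # constructed stand-in, not a real OneRNG
    path = os.ttyname(slave)
    try:
        fd = open_exclusive(path)
        held = second_open_refused(path)
        release(fd)
        return held, second_open_refused(path)
    finally:
        os.close(slave)
        os.close(master)
```

This does not stop root, or a process that already had the tty open before the claim, and it does not tell the reader which mode the device is currently in.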


