Line 51: | Line 51: | ||
The initial value of ''XKEY'' is derived using the following procedure. | The initial value of ''XKEY'' is derived using the following procedure. | ||
* We obtain 1024 bytes from the system random number generator. On Windows XP SP 2, we call the CryptGenRandom function in the CryptoAPI. On Solaris, HP-UX, Linux, and Mac OS X, we read from the special device /dev/urandom.<div class=note>On HP-UX B.11.11, one must install the HP-UX Strong Random Number Generator (KRNG11i) bundle to get /dev/random and /dev/urandom. The KRNG11i bundle can be downloaded for free from the HP software depot, and installation is straightforward.</div> We set ''XKEY'' to the SHA-256 hash of these 1024 bytes.<pre>XKEY = SHA-256(1024 bytes from the system RNG)</pre> This is performed in the <code>RNG_RNGInit</code> function. | * We obtain 1024 bytes from the system random number generator. On Windows XP SP 2, we call the CryptGenRandom function in the CryptoAPI. On Solaris, HP-UX, Linux, and Mac OS X, we read from the special device /dev/urandom.<div class=note>On HP-UX B.11.11, one must install the HP-UX Strong Random Number Generator (KRNG11i) bundle to get /dev/random and /dev/urandom. The KRNG11i bundle can be downloaded for free from the HP software depot, and installation is straightforward.</div> We set ''XKEY'' to the SHA-256 hash of these 1024 bytes.<pre>XKEY = SHA-256(1024 bytes from the system RNG)</pre> This is performed in the <code>RNG_RNGInit</code> function. | ||
* We then add extra entropy input using SHA-256 as the mixing function:<pre>XKEY = SHA-256(XKEY || entropy_input)</pre> This is performed in the <code>RNG_SystemInfoForRNG</code> function. The extra entropy input is either time-varying or machine-varying | * We then add extra entropy input to ''XKEY'' using SHA-256 as the mixing function:<pre>XKEY = SHA-256(XKEY || entropy_input)</pre> This is performed in the <code>RNG_SystemInfoForRNG</code> function. The mixing function is modeled after the reseed processes for the '''Hash_DRBG''' and '''Dual_EC_DRBG''' deterministic random bit generators in NIST SP 800-90 and the Reseed function for the Fortuna random number generator in Ferguson and Schneier's Practical Cryptography. The extra entropy input is either time-varying or machine-varying. On Unix, it includes: | ||
** various high-resolution clocks, such as <code>gettimeofday</code>, several times. | ** various high-resolution clocks, such as <code>gettimeofday</code> and Solaris's <code>gethrtime</code>, several times. | ||
** the names, values, and memory addresses of all the environment variables. | ** the names, values, and memory addresses of all the environment variables. | ||
** current system/kernel statistics, such as Linux's <code>sysinfo</code> function, | ** current system/kernel statistics, such as Linux's <code>sysinfo</code> function, twice. | ||
** static system information, such as machine hardware name, OS release level, hardware serial number, | |||
** the host name (returned by <code>gethostname</code>) | ** the host name (returned by <code>gethostname</code>) | ||
** the | ** the status information (<code>struct stat</code>) and contents of the file specified in the environment variable <code>NSRANDFILE</code> | ||
** the | ** the status information (<code>struct stat</code>) and contents of the files <code>/etc/passwd</code>, <code>/etc/utmp</code> | ||
** the | ** the status information (<code>struct stat</code>) of the directories <code>/tmp</code>, <code>/var/tmp</code>, <code>/usr/tmp</code> | ||
** the output of the <code>"netstat -ni"</code> command. | ** the output of the <code>"netstat -ni"</code> command. | ||
* On Windows, the extra entropy input includes | |||
** various high-resolution clocks, such as <code>QueryPerformanceCounter</code>, <code>GetTickCount</code> and <code>time</code>, several times. | |||
** <code>MEMORYSTATUS</code> returned by <code>GlobalMemoryStatus</code> | |||
** The bitmask returned by <code>GetLogicalDrives</code> | |||
** <code>GetComputerName</code> | |||
** the return values of <code>GetCurrentProcess</code> and <code>GetCurrentProcessId</code> | |||
** information returned by <code>GetVolumeInformation(NULL, ...)</code> | |||
** information returned by <code>GetDiskFreeSpace(NULL, ...)</code> | |||
** <code>ReadSystemFiles</code> | |||
'''References''' | '''References''' |
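Review bot: The last item of the new Windows list is the bare identifier <code>ReadSystemFiles</code>, which, unlike the Win32 calls above it, appears to be an internal helper, so a reader cannot tell what data it feeds into ''XKEY''. Name the files it reads, as the Unix list does for <code>NSRANDFILE</code> and <code>/etc/passwd</code>. The two lists are also introduced differently: the Unix list hangs off the end of the second bullet ("On Unix, it includes:"), while the Windows list starts its own top-level bullet with no colon, so give both the same structure. Since several listed inputs (host name, environment variables, <code>GetComputerName</code>, <code>GetLogicalDrives</code>) are machine-varying values that rarely change, it would help to state that these inputs supplement the 1024 bytes from the system RNG rather than replace them.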