
List:       freedos-dev
Subject:    Re: RNG support in FreeDOS?
From:       "Deranged Mutant" <WlkngOwl () unix ! asb ! com>
Date:       1996-05-21 5:41:49

Steffen.Kaiser@t-online.de (Steffen) writes:
[..]
> Hmm. :) If you actually could tell me a place where the kernel itself would
> need it, I'd waste no further word on RNG support within the kernel. Perhaps 

Check out NOISE.SYS at ftp.funet.fi/pub/crypt/random/noise056.zip.
There is a proposed API for crypto RNGs in DOS in the technotes 
file, using Int 32h (as well as RANDOM$ and URANDOM$ devices).

A null hook to Int 32h for safety, with sampling calls to appropriate 
places there from sector reads/writes (the routines that call Int 
13h), keyboard (from KEYB.SYS)?,  timings of certain operations (even 
timing latency), etc.

I'll have to take a look at the source (I had an earlier copy of 
FreeDOS but have put it off until I have a new machine and partition 
to play with it, "real soon now"...).

> there are already some more or less internal programs, such as EMM386 or MSCDEX, 
> authenticate themselves by passwords against the system?

This only uses RNG services. There's room to add digital signatures 
and hashing, but it'd only be practical on a fast machine (486 or 
Pentium).

[..]
> My problem with adding RNG to the kernel is why a stand-alone *DOS* program,
> which uses crypto keys, doesn't create them itself. As I understand you, you

Because most programs use bad RNGs. PkZip 1.0 encryption or the 1.x 
versions of Netscape are examples where bad session keys or IVs from 
bad RNGs make the system useless.  Setting up an internal system for 
RNGs that is relatively secure (with source accessible for critique, 
etc.) that can be used via normal DOS or have special hardware 
drivers also use it is better, since developers can use a reliable 
source of randomness that users can trust.

> talk about programs that will be written in the (near?) future rather than
> existing ones. Which ones you think of? Or does this driver replace a
> common interface to a hardware RNG device?

PGP comes to mind... (an experimental PGP patch that uses /dev/random 
on Linux or OS/2 hardware RNGs exists)  any crypto app, including email
and network apps. Simulations could also use it.

There is no common RNG hardware interface. The driver is an attempt 
to be similar to interfaces on other operating systems, but also to 
set up something that can be used by hardware RNGs so that apps need 
not worry about details of specific drivers... they can use a common 
API.


Rob.

 
---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.
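
The sampling-hook design described in the message above, sketched as an added example; it is not part of the original message and is not NOISE.SYS code. `NoisePool`, `add_sample`, `read_random` and `read_urandom` are hypothetical names, the strict/non-blocking split for RANDOM$/URANDOM$ is assumed by analogy with /dev/random and /dev/urandom, and SHA-256 mixing and the jitter-based credit are this example's own choices.

```python
import hashlib

class NoisePool:
    MAX_BITS = 256    # the pool state is one SHA-256 digest
    def __init__(self):
        self.state = bytes(32)
        self.entropy_bits = 0     # conservative estimate, never a measurement
        self.last = {}            # source -> (last tick, last delta)

    def add_sample(self, source, ticks):
        """Sampling hook: called from disk, keyboard or timing code."""
        prev_tick, prev_delta = self.last.get(source, (None, None))
        delta = None if prev_tick is None else ticks - prev_tick
        self.last[source] = (ticks, delta)
        # Always mix the sample in, even when no entropy is credited for it.
        self.state = hashlib.sha256(
            self.state + source.encode() + ticks.to_bytes(8, "little")).digest()
        # Heuristic credit: only the jitter between successive deltas counts,
        # so a perfectly regular event stream earns nothing.
        if delta is not None and prev_delta is not None:
            jitter = abs(delta - prev_delta)
            credit = min(4, jitter.bit_length())
            self.entropy_bits = min(self.MAX_BITS, self.entropy_bits + credit)

    def _extract(self, n):
        out, counter = b"", 0
        while len(out) < n:
            out += hashlib.sha256(
                b"out" + self.state + counter.to_bytes(4, "little")).digest()
            counter += 1
        # Ratchet the state so earlier output cannot be recomputed from it.
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out[:n]

    def read_random(self, n):
        """Strict read: refuse (None) unless enough entropy is credited."""
        if self.entropy_bits < 8 * n:
            return None
        self.entropy_bits -= 8 * n
        return self._extract(n)

    def read_urandom(self, n):
        """Non-blocking read: always answers, draining the estimate."""
        self.entropy_bits = max(0, self.entropy_bits - 8 * n)
        return self._extract(n)
```

Two pools fed identical samples return identical bytes, so the output is only as unpredictable as the timings that were mixed in.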
