[147747] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.
daemon@ATHENA.MIT.EDU (Russ Nelson)
Sat Oct 19 14:21:04 2013
X-Original-To: cryptography@metzdowd.com
From: Russ Nelson <nelson@crynwr.com>
Date: Sat, 19 Oct 2013 12:27:31 -0400
To: John Denker <jsd@av8n.com>
In-Reply-To: <5262AC6C.7070907@av8n.com>
Cc: Cryptography <cryptography@metzdowd.com>,
"rng@lists.bitrot.info" <rng@lists.bitrot.info>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
John Denker writes:
> What is the chance that the attacker can figure out the
> MAC address of the box?
Without being on the network? Zero. That doesn't mean that all 48 bits
contribute to entropy, but neither does it mean that zero bits
contribute to the entropy pool.
> What is the chance that the attacker can figure out tight
> uppper and lower bounds on the value of the real-time clock?
Let's say that they can. That means that the contribution to the
entropy falls within that range.
> What is the chance that the attacker can figure out tight
> uppper and lower bounds on the device serial number?
Let's say that they can. That means that the contribution to the
entropy falls within that range.
Can you see where this is going? There is an growing amount of
entropy in the world. Why are you worried about running out of it, or
finding it unavailable except over a very short time window?
> Go ahead and mix in stuff likt he RTC and the MAC address
> if you want, but you'll have a hard time convincing anybody
> that such things are sufficient.
I just convinced you that the number of bits contributed to the
entropy at start-up time is small, didn't I? If I didn't, why didn't
I?
--
--my blog is at http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213 | Sheepdog
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
