[147758] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.
daemon@ATHENA.MIT.EDU (Russ Nelson)
Sun Oct 20 01:26:55 2013
X-Original-To: cryptography@metzdowd.com
Date: Sun, 20 Oct 2013 00:38:31 -0400
From: Russ Nelson <nelson@crynwr.com>
To: John Denker <jsd@av8n.com>
In-Reply-To: <5262B7EA.7050300@av8n.com>
Cc: Cryptography <cryptography@metzdowd.com>,
"rng@lists.bitrot.info" <rng@lists.bitrot.info>

John Denker writes:
> On 10/19/2013 09:27 AM, Russ Nelson wrote:
> >> Go ahead and mix in stuff like the RTC and the MAC address
> >> if you want, but you'll have a hard time convincing anybody
> >> that such things are sufficient.
> >
> > I just convinced you that the number of bits contributed to the
> > entropy at start-up time is small, didn't I? If I didn't, why didn't
> > I?
>
> Uhhh, that's the answer to a different question. We
> agree that the amount of available entropy is "small".
> My point is that it is too small.

Crypto without a threat model is like cookies without milk.

You're making a claim about the security of a cryptographic algorithm
without specifying the threat model. You are, technically, in a state
of sin. I forgive you, my son. Your penance is to memorize another 30
digits of pi.

--
--my blog is at http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213 | Sheepdog