[147760] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.
daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Oct 20 12:20:08 2013
X-Original-To: cryptography@metzdowd.com
Date: Sun, 20 Oct 2013 17:59:12 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <21091.24135.234665.637962@desk.crynwr.com>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 2013-10-20 14:38, Russ Nelson wrote:
> Crypto without a threat model is like cookies without milk.
The threat model is that we are seeing a lot of duplicate factors in
keys, indicating a shortage of randomness, therefore, trying those
common factors will crack a lot of keys.
This is plausibly suspected, but not proven, to be the result of bootup
entropy shortage, that being a known bug. We don't know, however, that
this known bug is causing this known cryptographic weakness.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
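As an added example (not part of this thread or its authors' code), the audit check a defender would run for the symptom James describes: given a set of RSA moduli, flag every modulus that shares a prime with another one in the set, which is what a boot-time entropy shortage produces. The prime pool, the weak generator and the moduli are constructed for the demonstration.

```python
import math
import random

# Constructed: a tiny prime pool stands in for a key generator whose
# boot-time entropy is so low that it keeps drawing the same primes.
PRIME_POOL = [1000003, 1000033, 1000037, 1000039, 1000081, 1000099]


def weak_keygen(rng, count):
    """Produce `count` RSA-style moduli p*q from PRIME_POOL (constructed)."""
    moduli = []
    for _ in range(count):
        p, q = rng.sample(PRIME_POOL, 2)  # two distinct primes per key
        moduli.append(p * q)
    return moduli


def shared_factor_audit(moduli):
    """Return {modulus: gcd} for every modulus sharing a prime with another.

    Batch trick: gcd(N_i, product of all other moduli) is 1 exactly when
    N_i shares no prime with the rest of the set. If the gcd equals N_i
    itself, both of its primes appear elsewhere (or the key is duplicated).
    Any flagged key must be treated as compromised and revoked.
    """
    total = 1
    for n in moduli:
        total *= n
    flagged = {}
    for n in moduli:
        g = math.gcd(n, total // n)
        if g != 1:
            flagged[n] = g
    return flagged


if __name__ == "__main__":
    keys = weak_keygen(random.Random(1), 8)
    for n, g in shared_factor_audit(keys).items():
        print(f"modulus {n}: shares factor {g}")
```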