[147830] in cryptography@c2.net mail archive


Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.

daemon@ATHENA.MIT.EDU (Tony Naggs)
Thu Oct 24 10:52:41 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CACsn0c=c_w-eqnGS6NgagC0D8VaR1BACroWG4cZMDtK9UMCnHA@mail.gmail.com>
Date: Wed, 23 Oct 2013 22:01:55 +0100
From: Tony Naggs <tonynaggs@gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: John Kelsey <crypto.jmk@gmail.com>, Russ Nelson <nelson@crynwr.com>,
	Cryptography <cryptography@metzdowd.com>,
	"rng@lists.bitrot.info" <rng@lists.bitrot.info>, John Denker <jsd@av8n.com>
Reply-To: tony.naggs@gmail.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 22 October 2013 05:17, Watson Ladd <watsonbladd@gmail.com> wrote:
>
> And with a wire that costs 25 cents connecting the wallwart to the
> interrupt pin we've got 60 Hz (50 in Europe) uncorrelated to our local
> clock. Measure the drift, and in 5 seconds we are done collecting 250
> bits of entropy (one bit per interrupt).

I think you are overestimating how much real entropy you will collect this
way.

> 2^40 is not a lot for your colleagues in Fort Meade. Imagine this is host
> key generation on hosts on large, important, networks. Piddling with
> the MAC key won't keep out anyone who seriously wants to get in.

If the adversaries you are concerned about are moderately resourced
they could be able to model this entropy source.

There are a relatively small number of CPU clock frequencies in wide
use and variations on mains frequency are easily discoverable by others,
e.g. other servers at your co-lo. Also, at least in the UK, there are public
records of these variations such as:
http://www.nationalgrid.com/uk/Electricity/Data/Realtime/Frequency/
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
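
Added example, not part of the original message or thread: one way to check a per-interrupt entropy credit against what an observer's model already predicts, using the most-common-value estimate from NIST SP 800-90B. All data is constructed; the 1 MHz timer, 50 ns jitter, 1 mHz observer resolution, the random-walk grid model and the function names are assumptions.

```python
import math
import random
from collections import Counter

def min_entropy(samples):
    """Most-common-value estimate (NIST SP 800-90B style), bits per sample."""
    n = len(samples)
    p = Counter(samples).most_common(1)[0][1] / n
    p_upper = min(1.0, p + 2.576 * math.sqrt(p * (1 - p) / (n - 1)))  # upper confidence bound
    return -math.log2(p_upper)

def simulate(n, timer_hz, jitter_s, seed):
    """Constructed data: timer ticks counted between mains interrupts, and the
    grid frequency as a second machine on the same supply might log it."""
    rng = random.Random(seed)
    ppm = rng.uniform(-50, 50)            # crystal error, constant per machine
    f = 50.0 + rng.uniform(-0.05, 0.05)   # grid frequency in Hz
    ticks, observed = [], []
    for _ in range(n):
        f += rng.gauss(0, 0.0005)         # slow wander, shared by the whole grid
        period = 1.0 / f + rng.gauss(0, jitter_s)   # plus local interrupt jitter
        ticks.append(round(period * timer_hz * (1 + ppm * 1e-6)))
        observed.append(round(f, 3))      # observer resolves 1 mHz (assumed)
    return ticks, observed

def residuals(ticks, observed, nominal_hz):
    """Ticks minus the observer's prediction. The crystal error is fitted as one
    scale factor, granting the observer the best constant (conservative)."""
    ideal = [nominal_hz / f for f in observed]
    scale = sum(ticks) / sum(ideal)
    return [t - round(scale * i) for t, i in zip(ticks, ideal)]

def assess(timer_hz=1_000_000, jitter_s=50e-9, n=250, seed=2013):
    """Return (raw, residual) min-entropy estimates in bits per interrupt."""
    ticks, observed = simulate(n, timer_hz, jitter_s, seed)
    return min_entropy(ticks), min_entropy(residuals(ticks, observed, timer_hz))

if __name__ == "__main__":
    raw, left = assess()
    print("credited in the quoted proposal: 250 bits")
    print(f"raw estimate: {250 * raw:.0f} bits, after modelling: {250 * left:.0f} bits")
```

Change any assumed value and the residual changes with it; the method credits only the part of each measurement that the observer's model cannot predict.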
