[147844] in cryptography@c2.net mail archive


Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.

daemon@ATHENA.MIT.EDU (John Kelsey)
Fri Oct 25 14:58:15 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <4F44A1C3-FECD-4AAD-BF4D-D39278839D6D@lrw.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Fri, 25 Oct 2013 08:15:57 -0400
To: Jerry Leichter <leichter@lrw.com>
Cc: Russ Nelson <nelson@crynwr.com>, Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Oct 24, 2013, at 12:55 PM, Jerry Leichter <leichter@lrw.com> wrote:

> As long as you're at it, ask a whole bunch of hosts, close and far, for 256 random bits from their own generators.  If even a single one of the responses slips by an attacker, he's lost.
> 
> This is a process you can repeat periodically - and certainly at each boot - except that after the first time, you can use secure connections, with the best security you are able to set up with each particular host.  An attacker then would have to be able to not just see all the responses but also decrypt them.

I like this idea.  If my PRNG is in a secure state, I can give out random numbers to anyone who asks.  At first startup, it won't be possible to establish a secure connection yet (no entropy), but by asking some hosts for a random number, we ensure that if those messages aren't recorded, the attacker can't possibly guess our PRNG starting state.  

>                                                        -- Jerry

--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
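As an added illustration of the reseeding step discussed above (not code from the thread or from any list member), the Python sketch below mixes a possibly rolled-back snapshot state with one 256-bit response from each polled host, so that an attacker who recorded the snapshot and every response but one cannot reproduce the resulting state. Host names and response values are constructed for the demo; the thread's point that the first boot has no secure channel yet is left as-is, the code only models the mixing.

```python
import hashlib
import hmac


def mix_seed(snapshot_state: bytes, responses: list) -> bytes:
    """Derive a fresh 256-bit PRNG state from the (possibly rolled-back)
    snapshot state plus one response from each remote host that was asked.
    Every input is length-prefixed so that two different input lists can
    never hash to the same byte stream, and the label keeps this use of
    SHA-256 separate from any other hashing the system does."""
    h = hashlib.sha256(b"prng-reseed-from-remote-hosts-v1")
    for part in (snapshot_state, *responses):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def prng_output(state: bytes, nbytes: int) -> bytes:
    """Toy DRBG for the demo: HMAC-SHA256 in counter mode keyed by the
    mixed state. A production generator would also reseed and erase state."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(state, counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:nbytes])


def boot(snapshot_state: bytes, responses: list):
    """One boot: reseed from the snapshot plus the remote responses, then
    return the new state and the first 32 bytes the PRNG hands out."""
    state = mix_seed(snapshot_state, responses)
    return state, prng_output(state, 32)


# Constructed sample data (hypothetical hosts, not real ones): the saved
# VM state and one 256-bit value per host, as if returned on request.
SNAPSHOT = hashlib.sha256(b"constructed-vm-snapshot-state").digest()
HOSTS = ["host-a.example", "host-b.example", "host-c.example"]
RESPONSES = [hashlib.sha256(h.encode()).digest() for h in HOSTS]


if __name__ == "__main__":
    state, first = boot(SNAPSHOT, RESPONSES)
    # An attacker who missed host-b's reply must guess it; any wrong
    # guess yields an unrelated state and unrelated output.
    wrong = boot(SNAPSHOT, [RESPONSES[0], b"\x00" * 32, RESPONSES[2]])
    print("state differs with one unseen response:", wrong[0] != state)
```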
