[147845] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.
daemon@ATHENA.MIT.EDU (Peter Saint-Andre)
Fri Oct 25 14:59:02 2013
X-Original-To: cryptography@metzdowd.com
Date: Thu, 24 Oct 2013 13:50:18 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: Jerry Leichter <leichter@lrw.com>, John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <4F44A1C3-FECD-4AAD-BF4D-D39278839D6D@lrw.com>
Cc: Russ Nelson <nelson@crynwr.com>, Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/24/13 10:55 AM, Jerry Leichter wrote:
> On Oct 24, 2013, at 10:59 AM, John Kelsey <crypto.jmk@gmail.com>
> wrote:
>> We seem to be seeing a move toward commonly-used CPUs including
>> hardware entropy sources. With those, we're in a much better
>> position. There's always the possibility that the entropy source
>> was cooked or flawed, but that's something you can engineer your
>> way around reasonably well.
>>
>> Suppose you have a cryptographic PRNG that you initialize with a
>> seed like this:
>>
>> a. Get 256 bits of entropy from the OS.
>> b. Get 256 bits of entropy from the hardware entropy source.
>> c. Ping several hosts on the internet and measure the response time,
>> and fold that into your seed.
>> d. Fold your ethernet address, IP address, and serial number into the
>> seed.
>> e. Fold the installed-at-birth secret 128 bit value from your device
>> into the seed.
> As long as you're at it, ask a whole bunch of hosts, close and far,
> for 256 random bits from their own generators. If even a single
> one of the response slips by an attacker, he's lost.
By 'hosts' do you mean servers, or also endpoints? If the latter, I see
interesting possibilities for a "network of friends" system of the kind
Perry sketched out here a month or two ago.
Peter
- --
Peter Saint-Andre
https://stpeter.im/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
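The seeding recipe quoted in this message (steps a to e) and Jerry Leichter's extension (fold in 256-bit values fetched from many other hosts, so that a single contribution the attacker never sees defeats him) both rest on one construction: a fold that is a PRF over every input, so that predictable inputs cost nothing and one unpredictable input is enough. The following is an added example, not code from the thread or from any of the posters; the SHA-256/HMAC extraction, the labels, the context string and every sample input are choices made here, and the "ping timings", device secret and remote blobs are constructed values so the script runs offline.

```python
"""Added example (not from the thread): folding several entropy sources
into one 256-bit PRNG seed, following the quoted recipe (a)-(e) plus the
"ask many hosts for random bits" extension. All inputs are constructed."""
import hashlib
import hmac
import os
import struct

SEED_CONTEXT = b"example-prng-seed-v1"   # assumed domain-separation tag


def fold_sources(sources, context=SEED_CONTEXT):
    """Extract a 32-byte seed from an ordered list of (label, data) pairs.

    Label and data are each length-prefixed, so two different input lists
    cannot collide by shifting bytes between neighbours. The fold is an
    HKDF-extract-style HMAC over the whole list, i.e. a PRF: adding a
    predictable input (MAC address, serial, ping timings) never lowers
    the entropy contributed by an unpredictable one, and an attacker who
    knows every input but one still has to guess that one.
    """
    h = hmac.new(context, digestmod=hashlib.sha256)
    for label, data in sources:
        h.update(struct.pack(">I", len(label)) + label)
        h.update(struct.pack(">I", len(data)) + data)
    return h.digest()


def local_sources(os_entropy, hw_entropy, ping_ns, mac, serial, device_secret):
    """Steps (a)-(e) of the quoted recipe as labeled inputs."""
    return [
        (b"os", os_entropy),                                          # (a)
        (b"hw", hw_entropy),                                          # (b)
        (b"ping", b"".join(struct.pack(">Q", t) for t in ping_ns)),   # (c)
        (b"mac", mac), (b"serial", serial),                           # (d)
        (b"device_secret", device_secret),                            # (e)
    ]


def with_remote_contributions(sources, contributions):
    """Append 256-bit values obtained from other hosts (the extension in
    the reply); each blob is tagged with the host it came from."""
    return sources + [(b"remote:" + host, blob) for host, blob in contributions]


def brute_force_one_input(template, label, candidates, target_seed):
    """Model an attacker who knows every input except `label` and tries
    each candidate for it; returns the recovered value or None. This is
    only feasible when the one unknown input has a tiny candidate space,
    which is exactly why at least one 256-bit secret input is needed."""
    for guess in candidates:
        trial = [(l, guess if l == label else d) for l, d in template]
        if hmac.compare_digest(fold_sources(trial), target_seed):
            return guess
    return None


def demo():
    """Build a seed from constructed inputs, then add one remote blob."""
    # Constructed sample inputs; a real device would read these from the
    # OS pool, its RNG instruction, the network and its provisioning store.
    ping = (1_200_345, 31_002_110, 7_455_890)
    src = local_sources(os_entropy=os.urandom(32), hw_entropy=b"",
                        ping_ns=ping, mac=bytes.fromhex("001122334455"),
                        serial=b"SN-0001", device_secret=bytes(range(16)))
    seed_local = fold_sources(src)
    # One contribution the attacker did not observe changes the whole seed.
    seed_remote = fold_sources(
        with_remote_contributions(src, [(b"host-a", b"\x11" * 32)]))
    return seed_local, seed_remote


if __name__ == "__main__":
    a, b = demo()
    print("local seed :", a.hex())
    print("with remote:", b.hex())
```

The brute-force helper is there to make the failure mode concrete: when the OS pool is stuck and the device secret is known, a serial number drawn from a ten-thousand-value space is recovered by trying every value, and the length-prefixed labels are what stop an input list from being reinterpreted with the same bytes split differently.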