[147931] in cryptography@c2.net mail archive
Re: [Cryptography] What's a Plausible Attack On Random Number
daemon@ATHENA.MIT.EDU (Joe Abley)
Thu Oct 31 16:57:28 2013
X-Original-To: cryptography@metzdowd.com
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <CADpjbE17V5Y8_AW-ZJxFka-i4LaqjjdzdTU-CTiotoRTbx1k1Q@mail.gmail.com>
Date: Thu, 31 Oct 2013 16:29:17 -0400
To: David Mercer <radix42@gmail.com>
Cc: Jerry Leichter <leichter@lrw.com>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 2013-10-31, at 14:48, David Mercer <radix42@gmail.com> wrote:
> Your datacenter description is a pretty good match for what I've seen in the last 10+ years for decently high-end facilities. The main flaw I can see is in using the network for entropy on boot up, especially on first boot. As there are quite a few services starting up that need good random numbers in most systems, you are, as you say, going to wait a while to grab enough entropy. Your entropy collection is going to have to start so early in the boot process that you aren't going to be sending out much, if any, network traffic, and are not going to be getting much of it.
Perhaps there's an opportunity here to think about dedicated hosts in such a network with good random number sources which spray randomness around a site-local multicast scope.

Such an approach could be weakened by spraying similar (deliberately) weak randomness around the place, which implies a need to authenticate the real random spray sources (pre-shared key + signed random payload, or something).
Joe
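An added example (not code from Joe's message or from the list) of the authenticated spray sketched above: each datagram carries a sequence number and an HMAC under a pre-shared key, so a receiver drops forged, tampered or replayed datagrams and folds only verified payloads into its local pool. The key value, the `RSPR` tag and the header layout are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed pre-shared key; a real deployment provisions this out of band
# on the spray host and every receiver (hypothetical value).
PSK = bytes.fromhex("00" * 31 + "01")

MAGIC = b"RSPR"               # hypothetical wire tag for a randomness spray
HDR = struct.Struct("!4sQI")  # magic, 64-bit sequence number, payload length
TAG_LEN = 32                  # HMAC-SHA256 over header + payload


def make_spray(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: one authenticated datagram, header || payload || tag."""
    hdr = HDR.pack(MAGIC, seq, len(payload))
    tag = hmac.new(key, hdr + payload, hashlib.sha256).digest()
    return hdr + payload + tag


def verify_spray(key: bytes, msg: bytes, last_seq: int):
    """Receiver side: return (seq, payload) if authentic and fresh, else None.

    Anyone on the multicast scope can inject or replay datagrams, so a
    datagram is accepted only if its tag verifies under the PSK and its
    sequence number is strictly greater than the last one accepted."""
    if len(msg) < HDR.size + TAG_LEN:
        return None
    magic, seq, plen = HDR.unpack_from(msg)
    if magic != MAGIC or len(msg) != HDR.size + plen + TAG_LEN:
        return None
    body, tag = msg[: HDR.size + plen], msg[HDR.size + plen :]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    if seq <= last_seq:                          # replay or stale datagram
        return None
    return seq, body[HDR.size :]


def mix_into_pool(pool: bytes, payload: bytes) -> bytes:
    """Fold verified randomness into the local pool by hashing, never by
    replacing it: a weak spray then adds nothing, but it also cannot
    remove entropy the host already has."""
    return hashlib.sha256(pool + payload).digest()
```

A receiver keeps the highest accepted sequence number per source and passes it as `last_seq`, so a captured datagram re-sent later is refused even though its tag is valid.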
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography