[147955] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] /dev/random initialisation
daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Nov 2 12:18:46 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 02 Nov 2013 12:27:16 +1000
From: "James A. Donald" <jamesd@echeque.com>
CC: cryptography@metzdowd.com
In-Reply-To: <129DF2E9-6F7C-43AC-B136-F63A0FA3996D@lrw.com>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Oct 30, 2013, "James A. Donald"
> > No source of entropy can ever be harmful. The worst that can happen
> > is that it is entirely predictable to the adversary, in which case
> > it does little good, but can never do harm.
On 2013-10-31 07:00, Jerry Leichter wrote:
> Now suppose I inject j >> k bits of my own, controlled data,
> declaring that it represents j bits of entropy - all the while
> continuing to draw j bits out.
You have to have root access to declare your entropy represents j bits.
If the adversary has root access, game over. We have to assume that OS
writers and system owners are the people we are trying to protect, not
the people who are attacking.
The NSA rule is not intended to exclude adversaries, but rather intended
to exclude operating system writers who are non NSA.
It is intended to prohibit non NSA sources of entropy.
Thus it makes sense only from the point of view that the NSA wants to
get the upper hand over the person who owns the computer.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
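A toy model of the entropy accounting the two posters disagree about, added here as an illustration and not part of the thread. EntropyPool, mix, draw, overclaim and the sample inputs are all constructed for this example; the privileged flag stands in for the root requirement Donald refers to (on Linux, crediting entropy via the RNDADDENTROPY ioctl needs CAP_SYS_ADMIN, while a plain write to /dev/random mixes data but credits nothing).

```python
import hashlib


class EntropyPool:
    """Constructed accounting model, not the Linux implementation.
    'credit' is what the pool believes it holds (like entropy_avail);
    'true_bits' is what an adversary really cannot predict and exists
    only in the model so the gap between the two can be measured."""
    POOL_BITS = 4096

    def __init__(self):
        self.state = bytes(32)
        self.credit = 0
        self.true_bits = 0

    def mix(self, data, claimed_bits, privileged, actual_bits):
        """Mix data in. Credit is accepted only from a privileged caller;
        an unprivileged write mixes but never raises the credit counter."""
        self.state = hashlib.sha256(self.state + data).digest()
        self.true_bits = min(self.true_bits + actual_bits, self.POOL_BITS)
        if privileged:
            self.credit = min(self.credit + claimed_bits, self.POOL_BITS)

    def draw(self, nbits):
        """Extract nbits of output; both counters fall, floored at zero."""
        out = hashlib.sha256(self.state + nbits.to_bytes(4, "big")).digest()
        self.state = hashlib.sha256(self.state + out).digest()
        self.credit = max(self.credit - nbits, 0)
        self.true_bits = max(self.true_bits - nbits, 0)
        return out[:(nbits + 7) // 8]

    def overclaim(self):
        """Bits the pool thinks it has that an adversary could predict."""
        return self.credit - self.true_bits


def unprivileged_injection(j=256, k=64):
    """Non-root caller mixes j controlled bits (claimed as j): no credit is
    granted, so the accounting stays honest. Little good, but no harm."""
    pool = EntropyPool()
    pool.mix(b"hw-noise-sample", claimed_bits=k, privileged=True, actual_bits=k)
    pool.mix(b"A" * (j // 8), claimed_bits=j, privileged=False, actual_bits=0)
    pool.draw(j)
    return pool.overclaim()


def root_injection(j=256, k=64):
    """Leichter's scenario with root: j controlled bits are credited as j bits
    of entropy while j bits are drawn out. The pool now overstates what it has
    by the k genuine bits it started with, which the draw actually consumed."""
    pool = EntropyPool()
    pool.mix(b"hw-noise-sample", claimed_bits=k, privileged=True, actual_bits=k)
    pool.mix(b"A" * (j // 8), claimed_bits=j, privileged=True, actual_bits=0)
    pool.draw(j)
    return pool.overclaim()
```

The model only tracks the counters; it says nothing about the mixing function itself, which is why the unprivileged case is harmless even though it mixes attacker-chosen bytes.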