[147973] in cryptography@c2.net mail archive
Re: [Cryptography] What's a Plausible Attack On Random Number
daemon@ATHENA.MIT.EDU (Kent Borg)
Sun Nov 3 18:09:16 2013
X-Original-To: cryptography@metzdowd.com
Date: Sun, 03 Nov 2013 10:22:24 -0500
From: Kent Borg <kentborg@borg.org>
To: Jerry Leichter <leichter@lrw.com>, Yaron Sheffer <yaronf.ietf@gmail.com>
In-Reply-To: <7FF08172-19D5-4EFB-AD43-23C10EFD3415@lrw.com>
Cc: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
John Gilmore <gnu@toad.com>, David Mercer <radix42@gmail.com>
On 11/01/2013 10:21 AM, Jerry Leichter wrote:
> On Nov 1, 2013, at 7:04 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
>> It sounds like a quick addition to DHCP - an extension that gets you 256 bits from the server, would solve 99% of the problem we have with embedded devices. It will not be sufficient for high-security environments, because an attacker might be listening on the local LAN....
> Ahem. This is *exactly* the kind of reasoning I started this thread to investigate. (Though I certainly agree that a *single* DHCP packet containing a random bit string is easily attacked.)
I kind of like the idea of RNGs sharing data; if one is following the
"more sources is safer" approach, it seems it can't hurt. (Subliminal
channel?? Other system consequences?)
But there is an irony here: aren't most of the DHCP servers out there
little embedded NAT boxes running in homes? RNGs at risk for not having
much entropy shortly after boot...
Just make sure you don't put all your eggs in any one entropy source...
-kb, the Kent who used to collect entropy samples from Linux machines he
encountered, but who eventually lost interest, as he wasn't actually
doing anything with this data, just hoarding it.
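The "it can't hurt" intuition in the message above holds only when the pool combiner cannot be cancelled by one of its own inputs. The following Python sketch is an added illustration, not code from the post, from any list participant, or from any real kernel RNG; the function names (xor_mix, xor_cancel, hash_mix, brute_force_local) and the sample contributions are constructed for the example. It goes a step beyond the post by spelling out the caveat: a raw XOR pool can be forced to any value by a source that sees the other inputs (a DHCP server, or anyone sniffing the LAN), whereas with a length- and label-prefixed hash combiner an attacker who knows the 256 DHCP bits is still left searching the whole space of the local source he did not see.

```python
import hashlib

# Added example: a toy entropy-pool combiner. Neither the function names nor
# the sample inputs come from the list post or from any real RNG; the
# contributions below are constructed to make the point reproducible.


def xor_mix(sources):
    """Naive combiner: XOR all contributions (each assumed to be 32 bytes)."""
    out = bytearray(32)
    for _label, data in sources:
        if len(data) != 32:
            raise ValueError("xor_mix expects 32-byte contributions")
        for i, b in enumerate(data):
            out[i] ^= b
    return bytes(out)


def xor_cancel(others, target):
    """What a hostile source does against xor_mix when it can observe the
    other contributions (a DHCP server, or anyone sniffing the LAN):
    pick its own contribution so that the pool output becomes `target`."""
    contribution = bytearray(target)
    for _label, data in others:
        for i, b in enumerate(data):
            contribution[i] ^= b
    return bytes(contribution)


def hash_mix(sources):
    """Non-cancellable combiner: SHA-256 over label- and length-prefixed
    contributions, so the input encoding is unambiguous and a hostile
    source can only choose among hash outputs it cannot predict."""
    h = hashlib.sha256()
    for label, data in sources:
        lab = label.encode("utf-8")
        h.update(len(lab).to_bytes(2, "big") + lab)
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def brute_force_local(known, pool_out, local_bits):
    """Attacker's view of hash_mix: every contribution is known except a
    local secret of `local_bits` bits, appended last as a 4-byte value.
    Returns how many guesses were needed to match `pool_out`, or None.
    Knowing the DHCP bits does not shrink this search at all."""
    for guess in range(1 << local_bits):
        candidate = known + [("local", guess.to_bytes(4, "big"))]
        if hash_mix(candidate) == pool_out:
            return guess + 1
    return None


# Constructed contributions (not real samples).
DHCP_SEED = ("dhcp", b"\x11" * 32)    # 256 bits the LAN attacker also saw
LOCAL_SEED = ("local", b"\x2a" * 32)  # e.g. timer jitter the attacker did not see


def demo():
    # 1. With XOR, a hostile third source that saw the others forces the pool.
    forced = b"\x00" * 32
    evil = ("evil", xor_cancel([DHCP_SEED, LOCAL_SEED], forced))
    xor_out = xor_mix([DHCP_SEED, LOCAL_SEED, evil])

    # 2. With hash mixing the same hostile input forces nothing, and the
    #    attacker-known DHCP bits still leave the local bits to guess:
    #    flipping one local byte changes the whole output.
    pool_a = hash_mix([DHCP_SEED, LOCAL_SEED, evil])
    pool_b = hash_mix([DHCP_SEED, ("local", b"\x2b" + b"\x2a" * 31), evil])
    return xor_out == forced, pool_a != pool_b


if __name__ == "__main__":
    print(demo())
```

The order of contributions to hash_mix is fixed by the caller; the brute-force helper assumes the unknown local sample is appended last, which is the only thing the attacker needs to know about the layout. Real pools (Linux's, for instance) use a stronger extractor than a single SHA-256 pass, but the property demonstrated is the same: adding a known or hostile source to a well-mixed pool cannot lower it below the strength of its best unknown source.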
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography