[148005] in cryptography@c2.net mail archive
Re: [Cryptography] What's a Plausible Attack On Random Number
daemon@ATHENA.MIT.EDU (Bill Stewart)
Mon Nov 4 23:32:31 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 01 Nov 2013 23:33:05 -0700
To: Jerry Leichter <leichter@lrw.com>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <7FF08172-19D5-4EFB-AD43-23C10EFD3415@lrw.com>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, John Gilmore <gnu@toad.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
At 07:21 AM 11/1/2013, Jerry Leichter wrote:
>On Nov 1, 2013, at 7:04 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
> > It sounds like a quick addition to DHCP - an extension that gets
> > you 256 bits from the server, would solve 99% of the problem we
> > have with embedded devices. It will not be sufficient for
> > high-security environments, because an attacker might be listening
> > on the local LAN....
>Ahem. This is *exactly* the kind of reasoning I started this thread
>to investigate. (Though I certainly agree that a *single* DHCP
>packet containing a random bit string is easily attacked.)
It's slightly backwards as far as timing goes - if you're trying to
run a pure client, you normally have physical input from the user and
access to a sound card before running anything that needs to generate
encryption keys, so you don't really need it, and if you're running a
server, you almost always want a fixed IP address rather than a
random one from the DHCP pool, so you're probably not going to ask
for DHCP. Also, if you're starting a brand-new-out-of-the-box
server, it doesn't matter if it takes a few minutes before there's
enough entropy to generate keys, because it's new, while the case
where you care most about startup time is restarting a previously
running server that was shut down, so you would have saved a seed by
then. I guess that Cloud World may have occasion to care about how
long it takes to provision a brand-new server from a canned image,
and need to generate an ssh key so a user can log in to update the
rest of their software, because they're paying by the millisecond,
but are they likely to use DHCP as opposed to having Chef/Puppet give
them an address?
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
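The two mechanisms argued over in the message above, a 256-bit value handed out by a DHCP extension and a seed saved at shutdown, can be put together to see when the saved seed actually helps. The following is an added example, not code from the post, the list, or any OS's RNG; it assumes a constructed 32-byte stand-in for the DHCP-supplied value, a seed file in a temporary directory, and plain SHA-256 as the mixing function. It simulates four boots of one box: a brand-new box that sees only the DHCP value, a restart that adds the saved seed, a boot where local entropy (user input, sound card) finally arrives, and a further restart where only the saved seed carries that local secret forward. A LAN observer who saw every DHCP packet is modelled alongside, and the result shows that a saved seed only protects against that observer once it has, at some point, been derived from something the observer never saw.

```python
import hashlib
import os
import tempfile

SEED_LEN = 32  # 256 bits, the size discussed in the thread

# Constructed stand-in for the 256 bits a DHCP extension would hand over.
# Anything on the LAN is assumed to see it.
DHCP_ENTROPY = bytes(range(SEED_LEN))


def _encode(parts):
    # Length-prefix each input so (b"ab", b"c") and (b"a", b"bc") hash differently.
    out = bytearray()
    for p in parts:
        out += len(p).to_bytes(4, "big") + p
    return bytes(out)


def derive_seed(saved_seed, network_entropy, local_entropy):
    """Combine every source available at boot into one 256-bit running seed.

    saved_seed      - what the previous run wrote at shutdown (empty on a new box)
    network_entropy - the DHCP-supplied value (observable on the LAN)
    local_entropy   - whatever was gathered locally (empty until a user or device shows up)
    The output is unpredictable iff at least one input is unknown to the attacker.
    """
    data = b"seed-derive\0" + _encode([saved_seed, network_entropy, local_entropy])
    return hashlib.sha256(data).digest()


def next_seed_for_disk(running_seed):
    """Value to persist at shutdown. A separate label keeps the file from equalling the running seed."""
    return hashlib.sha256(b"seed-persist\0" + _encode([running_seed])).digest()


def load_seed(path):
    """Return the saved seed, or b"" for a brand-new box or a damaged file."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except FileNotFoundError:
        return b""
    return data if len(data) == SEED_LEN else b""


def save_seed(path, seed):
    # Write-then-rename so a crash mid-write cannot leave a truncated seed behind.
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(seed)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)


def boot_cycle(path, network_entropy, local_entropy):
    """One boot: load the saved seed, derive the running seed, persist the next one."""
    seed = derive_seed(load_seed(path), network_entropy, local_entropy)
    save_seed(path, next_seed_for_disk(seed))
    return seed


def simulate_boots(network_entropy=DHCP_ENTROPY):
    """Four boots of one box versus a LAN observer who sees every DHCP packet.

    Returns one bool per boot: True if the observer can reproduce that boot's seed.
    """
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "random-seed")
        results = []
        attacker_saved = b""  # the observer's model of the box's seed file

        # Boot 1: brand-new box, no seed file, no local entropy yet.
        seed = boot_cycle(path, network_entropy, b"")
        guess = derive_seed(attacker_saved, network_entropy, b"")
        results.append(seed == guess)
        attacker_saved = next_seed_for_disk(guess)

        # Boot 2: restart with a saved seed, but still nothing the observer did not see.
        seed = boot_cycle(path, network_entropy, b"")
        guess = derive_seed(attacker_saved, network_entropy, b"")
        results.append(seed == guess)
        attacker_saved = next_seed_for_disk(guess)

        # Boot 3: local entropy finally arrives (constructed here with os.urandom).
        local = os.urandom(16)
        seed = boot_cycle(path, network_entropy, local)
        guess = derive_seed(attacker_saved, network_entropy, b"")
        results.append(seed == guess)
        attacker_saved = next_seed_for_disk(guess)

        # Boot 4: DHCP only again; the saved seed now carries boot 3's secret forward.
        seed = boot_cycle(path, network_entropy, b"")
        guess = derive_seed(attacker_saved, network_entropy, b"")
        results.append(seed == guess)
        return results


if __name__ == "__main__":
    print(simulate_boots())
```

The first two boots come out reproducible because the whole chain started from a value the observer saw; the seed file does not add secrecy on its own, it only preserves secrecy that was present at some earlier boot. That is the caveat behind "you would have saved a seed by then": it holds for a previously running server that once had real local entropy, and not for a canned image that has only ever been fed over the network.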