[148127] in cryptography@c2.net mail archive


Re: [Cryptography] SP800-90A B & C

daemon@ATHENA.MIT.EDU (Watson Ladd)
Mon Nov 11 23:36:31 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <1384212209.4022.106.camel@excessive.dsl.static.sonic.net>
Date: Mon, 11 Nov 2013 19:38:28 -0800
From: Watson Ladd <watsonbladd@gmail.com>
To: Bear <bear@sonic.net>
Cc: Cryptography <cryptography@metzdowd.com>, David Johnston <dj@deadhat.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Mon, Nov 11, 2013 at 3:23 PM, Bear <bear@sonic.net> wrote:
> On Mon, 2013-11-11 at 21:18 +0000, dj@deadhat.com wrote:
>
>> Part of my argument was that we can have both. The design must ensure that
>> if designed to the spec without manipulation, it will offer secure random
>> numbers.
>
> But if we have no way of verifying that it is designed to the spec
> without manipulation we have no way of verifying that any security
> exists.  I have a problem with that.
>
>> The spec can allow that users can mix in their own sources to
>> mitigate the issues that the former model raises.
>
> And it must.
>
> There absolutely must be a requirement for sources of entropy whose
> nature and functioning are verifiable.

Such as the clock skew between the CPU and wall power, or sampling the
Johnson noise in a resistor, or lots of other physical effects. If you
don't trust your CPU designer to add in a ring oscillator, add an
external one and use it. But why shouldn't the spec ask you to explain
why what you are doing is likely to get entropy into the system?
And if you don't like the spec, don't use it.

>
> Bear
>
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin