Ben Laurie wrote:
On 27/08/2010 19:38, Joshua Hill wrote:
The fact is that all of the approved deterministic RNGs have places that
you are expected to use to seed the generator. The text of the standard
explicitly states that you can use non-approved non-deterministic RNGs
to seed your
On 09/06/2010 09:49 PM, John Denker wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far easier to attack other elements of the
On 09/07/2010 10:21 AM, Marsh Ray wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far easier to attack other elements of the
Forwarded from the saag mailing list:
Begin forwarded message:
Date: Tue, 31 Aug 2010 16:18:48 -0400
From: Russ Housley hous...@vigilsec.com
Subject: [Cfrg] Request for Comments - NIST Draft SP 800-135:
Recommendation for Application-Specific Key Derivation Functions
Original
On 09/07/2010 11:19 AM, Perry E. Metzger wrote:
2) You can shield things so as to make this attack very,
very difficult.
I suspect that for some apps like smart cards that might be hard.
OTOH, it might be straightforward to detect the attempt.
We should take the belt-and-suspenders
On 09/07/2010 12:58 PM, John Denker wrote:
On 09/07/2010 10:21 AM, Marsh Ray wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far
On Tue, 07 Sep 2010 11:56:25 -0700 John Denker j...@av8n.com wrote:
The true noise level depends only on gain, bandwidth,
temperature, and resistance. Blasting the system
with RF will not lower the temperature, so that's
not a threat.
One could, however, run the card one is trying to attack
On 09/07/2010 02:18 PM, Perry E. Metzger wrote:
The question is, can you make it more expensive to do that than to,
say, buy a new parking card or whatever else the smart card is being
used for. If the attack is fairly cheap and repeatable and yields
something reasonably valuable, you have a
