On Sep 6, 2010, at 10:49 PM, John Denker wrote:
If you think about the use of randomness in cryptography, what
matters
isn't really randomness - it's exactly unpredictability.
Agreed.
This is a very
tough to pin down: What's unpredictable to me may be predictable to
you,
It's easy to
On Tue, 7 Sep 2010 22:22:57 -0400 Jerry Leichter leich...@lrw.com
wrote:
On Sep 6, 2010, at 10:49 PM, John Denker wrote:
It's easy to pin down. If it's unpredictable to the attacker,
it's unpredictable enough for all practical purposes.
I was talking about mathematical, even philosophical,
On Tue, Sep 07, 2010 at 10:22:57PM -0400, Jerry Leichter wrote:
But there isn't actually such a thing as classical thermodynamical
randomness! Classical physics is fully deterministic. Thermodynamics uses
a probabilistic model as a way to deal with situations where the necessary
On 09/06/2010 09:49 PM, John Denker wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far easier to attack other elements of the
On 09/07/2010 10:21 AM, Marsh Ray wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far easier to attack other elements of the
On 09/07/2010 11:19 AM, Perry E. Metzger wrote:
2) You can shield things so as to make this attack very,
very difficult.
I suspect that for some apps like smart cards that might be hard.
OTOH, it might be straightforward to detect the attempt.
We should take the belt-and-suspenders
On 09/07/2010 12:58 PM, John Denker wrote:
On 09/07/2010 10:21 AM, Marsh Ray wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far
On Tue, 07 Sep 2010 11:56:25 -0700 John Denker j...@av8n.com wrote:
The true noise level depends only on gain, bandwidth,
temperature, and resistance. Blasting the system
with RF will not lower the temperature, so that's
not a threat.
One could, however, run the card one is trying to attack
On 09/07/2010 02:18 PM, Perry E. Metzger wrote:
The question is, can you make it more expensive to do that than to,
say, buy a new parking card or whatever else the smart card is being
used for. If the attack is fairly cheap and repeatable and yields
something reasonably valuable, you have a