On 8/20/2013 2:33 PM, grarpamp wrote:
The subject thread is covering a lot about OS implementations
and RNG various sources. But what are the short list of open
source tools we should be using to actually test and evaluate
the resulting number streams?
On Sun, Sep 8, 2013 at 9:57 PM, David Johnston d...@deadhat.com wrote:
...
I've argued in private (and now here) that a large entropy pool is a natural
response to entropy famine and uneven supply, just like a large grain depot
guards against food shortages and uneven supply.
this is a good
Just appeared on the GnuPG list:
NeuG 0.11 was released. NeuG is an implementation of True Random
Number Generator based on quantization error of ADC of STM32F103.
It is basically intended to be used as a part of Gnuk, but we also
have standalone USB CDC-ACM version (you can get random stream
In terms of usability engineering, /dev/random is fairly cumbersome and in dire
need of reform and expansion.
A user, might want more control of /dev/random - which sources of entropy,
when, and which applications. e.g. I want my Geiger counter to feed
communications and radio noise to feed
On 8/22/13 9:40 AM, Nico Williams wrote:
My suggestion is /dev/urandomN where N is one of 128, 192, or 256, and
represents the minimum entropy estimate of HW RNG inputs to date to
/dev/urandomN's pool. If the pool hasn't received that much entropy
at read(2) time, then block, else never block
On Fri, Aug 23, 2013 at 12:54 AM, Patrick Pelletier
c...@funwithsoftware.org wrote:
On 8/22/13 9:40 AM, Nico Williams wrote:
My suggestion is /dev/urandomN where N is one of 128, 192, or 256, and
represents the minimum entropy estimate of HW RNG inputs to date to
/dev/urandomN's pool. If
You can use DieHarder, which is a collection of statistical tests to evaluate
if something looks random.
grarpamp grarp...@gmail.com schrieb:
The subject thread is covering a lot about OS implementations
and RNG various sources. But what are the short list of open
source tools we should be
On 21. Aug 2013, at 09:32 AM, Dominik domi...@dominikschuermann.de wrote:
You can use DieHarder, which is a collection of statistical tests to evaluate
if something looks random.
Problem is that you have to use the suite in a proper way. Checking
a single weak Debian SSL key pair probably
On Mon, Aug 19, 2013 at 09:41:20AM -0400, Jeffrey Walton wrote:
On Mon, Aug 19, 2013 at 9:20 AM, Aaron Toponce aaron.topo...@gmail.com
wrote:
...
It's a shame http://entropykey.co.uk is no longer in business. I was able to
procure 5 entropy keys just before they folded, and they're
On Mon, Aug 19, 2013 at 07:20:45AM -0600, Aaron Toponce wrote:
On Sun, Aug 18, 2013 at 05:07:49PM -0700, coderman wrote:
i am surprised this has not surfaced more often in this thread:
if you need good entropy: use a hardware entropy generator!
It's a shame http://entropykey.co.uk is no
On 08/20/2013 05:33 PM, grarpamp wrote:
The subject thread is covering a lot about OS implementations and
RNG various sources. But what are the short list of open source
tools we should be using to actually test and evaluate the
resulting number
On Tue, Aug 20, 2013 at 12:46:42PM +1200, Peter Gutmann wrote:
I don't see what the point is though, given that there's more than enough
noisy data available on a general-purpose PC.
True. I use http://www.issihosts.com/haveged/ on physical hardware, and the
entropy keys by Simtec for virtual
grarpamp grarp...@gmail.com wrote:
The subject thread is covering a lot about OS implementations
and RNG various sources. But what are the short list of open
source tools we should be using to actually test and evaluate
the resulting number streams?
Two good ones are listed linked here
On Tue, Aug 20, 2013 at 05:33:05PM -0400, grarpamp wrote:
The subject thread is covering a lot about OS implementations
and RNG various sources. But what are the short list of open
source tools we should be using to actually test and evaluate
the resulting number streams?
As already mentioned
On 20/08/13 03:46 AM, Peter Gutmann wrote:
shawn wilson ag4ve...@gmail.com writes:
It's not like they're the only ones that sell these, but they /were/ the only
ones to sell USB PRNG at $800.
You can get them for as little as $50 in the form of USB-key media players
running Android. Or if
ianG i...@iang.org writes:
On a related point, what name do we give to the design/pattern for
entropy sources == mix/pool == deterministic expansion function
?
The standard way to do things? Or a standard CSPRNG (continually seeded
PRNG).
Peter.
On 20 August 2013 01:46, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
I don't see what the point is though, given that there's more than enough
noisy data available on a general-purpose PC.
A general purpose cloud VM where an attacker has a chance to run his VM
on the same underlying hardware
On 2013-08-20 1:31 AM, ianG wrote:
It's a recurring theme -- there doesn't seem to be enough market
demand for Hardware RNGs.
Every microphone is a hardware RNG
___
cryptography mailing list
cryptography@randombit.net
On 20/08/13 07:08, ianG wrote:
On a related point, what name do we give to the design/pattern for
entropy sources == mix/pool == deterministic expansion function
? I was asked this seconds after tasking my intern to build one
:-/
Seems like
20 Aug 2013 5:54
Subject: Re: [cryptography] urandom vs random
On 2013-08-20 1:31 AM, ianG wrote:
It's a recurring theme -- there doesn't seem to be enough market
demand for Hardware RNGs.
Every microphone is a hardware RNG
The subject thread is covering a lot about OS implementations
and RNG various sources. But what are the short list of open
source tools we should be using to actually test and evaluate
the resulting number streams?
Most regular people can't accurately test or evaluate the output.
Numbers aren't random, the sources are. You can't just judge a PRNG by
its output. For all you know the PRNG could be doing nothing more
than doing SHA256 of a fixed value plus a counter, and if somebody
would know that fixed value
On Tue, Aug 20, 2013 at 5:58 PM, Natanael natanae...@gmail.com wrote:
For all you know the PRNG could be doing nothing more
than doing SHA256 of a fixed value plus a counter
Yes, and in an application where even that trivial design would serve
to fit some use, testing the apparent randomness of
On 2013-08-21 7:33 AM, grarpamp wrote:
The subject thread is covering a lot about OS implementations
and RNG various sources. But what are the short list of open
source tools we should be using to actually test and evaluate
the resulting number streams?
We all know that randomness is required for good crypto, but what is the a
measurable difference in the quality of the crypto if using a Linux PRNG
(or in our case the Java SecureRandom PRNG)? How much easier is it to
crack an encrypted file done with such weaker PRNGs compared to the
hardware
On Sun, Aug 18, 2013 at 05:07:49PM -0700, coderman wrote:
i am surprised this has not surfaced more often in this thread:
if you need good entropy: use a hardware entropy generator!
It's a shame http://entropykey.co.uk is no longer in business. I was able to
procure 5 entropy keys just before
On Mon, Aug 19, 2013 at 9:20 AM, Aaron Toponce aaron.topo...@gmail.com wrote:
...
It's a shame http://entropykey.co.uk is no longer in business. I was able to
procure 5 entropy keys just before they folded, and they're awesome.
Yeah, I really liked EntropyKey. I tried to place an order last
[Aaron Toponce aaron.topo...@gmail.com (2013-08-19 13:20:45 UTC)]
I'm currently working on a program to feed the random data found
from an RTL-SDR dongle into the entropy pool. Then just tune to an
empty frequency, and let atmospheric noise rule.
The raspberry pi supposedly has a hardware RNG
They're also not super good. They barely keep up with my ssh traffic and it
took ages to create a key for whatever Arch wanted (don't recall what).
On Mon, Aug 19, 2013 at 10:21 AM, Harald Hanche-Olsen
han...@math.ntnu.no wrote:
[Aaron Toponce aaron.topo...@gmail.com (2013-08-19 13:20:45 UTC)]
On Mon, Aug 19, 2013 at 09:41:20AM -0400, Jeffrey Walton wrote:
Yeah, I really liked EntropyKey. I tried to place an order last year
(or early this year). It was never fulfilled and no one responded.
I knew they were having some troubles, but I could not determine the
cause. Why did they
Hi Aaron,
Here is the last I saw of them (besides the website being up):
http://lists.simtec.co.uk/pipermail/entropykey-users/2013-July/thread.html.
They claim to still be around (from the last in the thread):
We've gone through a major crisis, but are still here... just. To say
any
On 19/08/13 18:21 PM, Aaron Toponce wrote:
On Mon, Aug 19, 2013 at 09:41:20AM -0400, Jeffrey Walton wrote:
Yeah, I really liked EntropyKey. I tried to place an order last year
(or early this year). It was never fulfilled and no one responded.
I knew they were having some troubles, but I could
On Mon, Aug 19, 2013 at 11:27:37AM -0400, Jeffrey Walton wrote:
Here is the last I saw of them (besides the website being up):
http://lists.simtec.co.uk/pipermail/entropykey-users/2013-July/thread.html.
They claim to still be around (from the last in the thread):
We've gone through a
Aaron Toponce aaron.topo...@gmail.com wrote:
On Sun, Aug 18, 2013 at 05:07:49PM -0700, coderman wrote:
i am surprised this has not surfaced more often in this thread:
if you need good entropy: use a hardware entropy generator!
It's a shame http://entropykey.co.uk is no longer in business.
On Mon, Aug 19, 2013 at 11:31 AM, Aaron Toponce aaron.topo...@gmail.com wrote:
Hopefully they rise like a phoenix, and their product is for sale again. I
would like to purchase more.
No kidding. I think someone on here told me about them and I tried to get
one a bit later and couldn't. I
if they had a product, you would have had it.
It's a recurring theme -- there doesn't seem to be enough market demand for
Hardware RNGs.
I once toyed with the idea of creating an open source hardware design
This reminds me, where are the open designs for a strong hwRNG based
on the common
shawn wilson ag4ve...@gmail.com writes:
It's not like they're the only ones that sell these, but they /were/ the only
ones to sell USB PRNG at $800.
You can get them for as little as $50 in the form of USB-key media players
running Android. Or if you really insist on doing the whole thing
Sandy Harris sandyinch...@gmail.com writes:
A sound device is available on many server boards and often unused, or you
can add one in a slot or USB on others,
A friend of mine looked at this a while back using the pretty simple technique
of drawing a scatter plot from the samples. The output of
On Aug 19, 2013, at 7:46 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
You can get them for as little as $50 in the form of USB-key media players
running Android. Or if you really insist on doing the whole thing yourself,
get something like an EA-XPR-003 ($29 in single-unit quantities
On 8/19/13 1:51 PM, grarpamp wrote:
This reminds me, where are the open designs for a strong hwRNG based
on the common smoke detector? People say they want a hwRNG, lots
of them are free for asking right down the street at the demolition site.
But where are the designs?
The creator of HotBits
On 2013-08-18 4:11 PM, Ben Laurie wrote:
If I chose to run Linux, I could fix the version I ran. In fact, I
choose not to run it, so I don't need to.
But if you write software, you don't write it just for your own
computer, so if you write software for linux, you have to write it for
the
On 18/08/13 09:11 AM, Ben Laurie wrote:
If I chose to run Linux, I could fix the version I ran. In fact, I
choose not to run it, so I don't need to.
Indeed, or:
That's terrible advice. Implement your own crypto of any sort widely
leads to complete fail, as we see repeatedly.
;) gentle
On 18 August 2013 02:55, James A. Donald jam...@echeque.com wrote:
On 2013-08-18 4:11 PM, Ben Laurie wrote:
If I chose to run Linux, I could fix the version I ran. In fact, I choose
not to run it, so I don't need to.
But if you write software, you don't write it just for your own
On Sat, Aug 17, 2013 at 12:48:12PM -0400, Sandy Harris wrote:
On Fri, Aug 16, 2013 at 11:07 AM, Aaron Toponce aaron.topo...@gmail.com
wrote:
The /dev/urandom device in the Linux kernel uses the Yarrow pseudo random
number generator when the entropy pool has been exhausted.
No, it
On Sat, Aug 17, 2013 at 12:24:45AM -, D. J. Bernstein wrote:
I'm not saying that /dev/urandom has a perfect API. It's disappointingly
common for vendors to deploy devices where the randomness pool has never
been initialized; BSD /dev/urandom catches this configuration bug by
blocking, but
On Sun, Aug 18, 2013 at 10:14 AM, Ben Laurie b...@links.org wrote:
... my advice is that you probably should not run Linux if you need
strong randomness.
i am surprised this has not surfaced more often in this thread:
if you need good entropy: use a hardware entropy generator!
also use a
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com writes:
It might be useful to think of what a good API would be.
The problem isn't the API, it's the fact that you've got two mutually
exclusive requirements, the security geeks want the (P)RNG to block until
On 17 August 2013 06:01, ianG i...@iang.org wrote:
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com writes:
It might be useful to think of what a good API would be.
The problem isn't the API, it's the fact that you've got two mutually
exclusive
On 17/08/13 14:46 PM, Ben Laurie wrote:
On 17 August 2013 06:01, ianG i...@iang.org mailto:i...@iang.org wrote:
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com
mailto:n...@cryptonector.com writes:
It might be useful to think of
On 17 August 2013 08:05, ianG i...@iang.org wrote:
On 17/08/13 14:46 PM, Ben Laurie wrote:
On 17 August 2013 06:01, ianG i...@iang.org mailto:i...@iang.org
wrote:
On 17/08/13 10:57 AM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com
On Sat, Aug 17, 2013 at 7:46 AM, Ben Laurie b...@links.org wrote:
...
Also, if there are other sources, why are they not being fed in to the
system PRNG?
Linux 3.x kernels decided to stop using IRQ interrupts (removal of the
IRQF_SAMPLE_RANDOM flag, without an alternative to gather entropy).
On Fri, Aug 16, 2013 at 11:07 AM, Aaron Toponce aaron.topo...@gmail.com wrote:
The /dev/urandom device in the Linux kernel uses the Yarrow pseudo random
number generator when the entropy pool has been exhausted.
No, it doesn't, or at least did not last time I looked at the code, a few
months
On 17 August 2013 10:09, Jeffrey Walton noloa...@gmail.com wrote:
On Sat, Aug 17, 2013 at 7:46 AM, Ben Laurie b...@links.org wrote:
...
Also, if there are other sources, why are they not being fed in to the
system PRNG?
Linux 3.x kernels decided to stop using IRQ interrupts (removal
On Sat, Aug 17, 2013 at 6:39 PM, Sandy Harris sandyinch...@gmail.com wrote:
shawn wilson ag4ve...@gmail.com wrote:
I thought that decent crypto programs (openssh, openssl, tls suites)
should read from random so they stay secure and don't start generating
/insecure/ data when entropy runs
On 2013-08-17 5:57 PM, Peter Gutmann wrote:
Nico Williams n...@cryptonector.com writes:
It might be useful to think of what a good API would be.
The problem isn't the API, it's the fact that you've got two mutually
exclusive requirements, the security geeks want the (P)RNG to block until
On 2013-08-17 10:12 PM, Ben Laurie wrote:
What external crypto can you not fix? Windows? Then don't use
Windows. You can fix any crypto in Linux or FreeBSD.
No you cannot.
So what? BSD's definition is superior. Linux should fix their RNG. Or
these people who you think should implement
yersinia yersinia.spi...@gmail.com writes:
To illustrate this, Peter displayed a photograph of three icosahedral dice
that he'd thrown at home, saying here, if you need a random number, you can
use 846.
And there's the problem, he used a D20 so there's a bias in the results. If
he'd used a
I think the programs block when reading from random, if the kernel
doesn't have enough entropy. When reading from urandom, that is not the
case. Basically the internal pool is reused to generate pseudo random
bits so that the call doesn't need to block.
As far as I know, there is no measure like 50
On Fri, Aug 16, 2013 at 10:03 AM, Swair Mehta swairme...@gmail.com wrote:
As far as I know, there is no measure like 50 or so for /dev/random.
/proc/sys/kernel/random/entropy_avail
On Fri, Aug 16, 2013 at 6:32 AM, shawn wilson ag4ve...@gmail.com wrote:
I thought that decent crypto programs (openssh, openssl, tls suites)
should read from random so they stay secure and don't start generating
/insecure/ data when entropy runs low.
This presumes that urandom is somehow
On Fri, Aug 16, 2013 at 11:42 AM, Tony Arcieri basc...@gmail.com wrote:
On Fri, Aug 16, 2013 at 6:32 AM, shawn wilson ag4ve...@gmail.com wrote:
I thought that decent crypto programs (openssh, openssl, tls suites)
should read from random so they stay secure and don't start generating
On Fri, Aug 16, 2013 at 12:03 PM, Tony Arcieri basc...@gmail.com wrote:
On Fri, Aug 16, 2013 at 8:47 AM, Patrick Mylund Nielsen
cryptogra...@patrickmylund.com wrote:
Not for nothing, but that refers to both random and urandom, showing one
problem with the entropy estimation, and another
On Fri, Aug 16, 2013 at 9:18 AM, Patrick Mylund Nielsen
cryptogra...@patrickmylund.com wrote:
Yes, but they aren't talking about urandom. Your reply made it sound like
random is weak, but the paper points to both (as urandom is seeded by
random), and they propose a new AES-based PRNG that
On Fri, Aug 16, 2013 at 3:30 PM, Tony Arcieri basc...@gmail.com wrote:
On Fri, Aug 16, 2013 at 9:18 AM, Patrick Mylund Nielsen
cryptogra...@patrickmylund.com wrote:
Yes, but they aren't talking about urandom. Your reply made it sound like
random is weak, but the paper points to both (as
On Fri, Aug 16, 2013 at 12:49 PM, Patrick Mylund Nielsen
cryptogra...@patrickmylund.com wrote:
You replied with a link to a paper that states that both /dev/random and
/dev/urandom have the same weaknesses, and said that /dev/random isn't
robust.
I was quoting the title of the paper in the
On Fri, Aug 16, 2013 at 12:55 PM, Tony Arcieri basc...@gmail.com wrote:
I was quoting the title of the paper in the context of a thread in which
someone claimed that /dev/random should be used in lieu of /dev/random.
That's all I was pointing out.
Blah, /dev/urandom...
--
Tony Arcieri
Aaron Toponce writes:
Cryptographers don't like the idea that it's possible, even if it's
excessively remote, and highly unprobable. This is why you see suggestions
to use /dev/random for long term SSH, SSL and OpenPGP keys.
Cryptographers are certainly not responsible for this superstitious
On Fri, Aug 16, 2013 at 7:24 PM, D. J. Bernstein d...@cr.yp.to wrote:
I'm not saying that /dev/urandom has a perfect API. [...]
It might be useful to think of what a good API would be. I've thought
before that the Unix everything-as-a-file philosophy makes for lame
entropy APIs, and yet it's
At startup, likely to be short of entropy.
Actual behavior, and even existence, of /dev/random and /dev/urandom
varies substantially from one implementation to another.
If /dev/random blocks when short of entropy, then likely to block at
startup, which is good. Services that need entropy do
On Fri, Aug 16, 2013 at 10:01 PM, James A. Donald jam...@echeque.com
wrote:
If /dev/urandom seeded at startup, and then seeded no further, bad, but not
very bad.
If /dev/urandom seeded at startup from /dev/random, then should block at
startup.
If /dev/urandom never blocks, bad. Should block
On Fri, Aug 16, 2013 at 10:33:11PM -0400, shawn wilson wrote:
On Fri, Aug 16, 2013 at 10:01 PM, James A. Donald jam...@echeque.com wrote:
At startup, likely to be short of entropy.
If /dev/urandom seeded at startup, and then seeded no further, bad, but not
very bad.
If /dev/urandom