Re: [cryptography] OneRNG kickstarter project looking for donations

On 15 December 2014 at 19:18, ianG i...@iang.org wrote:

> https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator
>
> About this project
>
> After Edward Snowden's recent revelations about how compromised our internet security has become, some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware.

I don't really get the relevance to OpenSSL - Dual EC DRBG was vulnerable regardless of the entropy source. And, as already mentioned, not actually vulnerable in OpenSSL anyway.

> We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator; it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP.
>
> Openness is important: we're open sourcing our hardware design and our firmware, and our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell.
>
> In order to make sure that our boards cannot be compromised during shipping, we make sure that the internal firmware load is signed and cannot be spoofed.

I am curious if there's any evidence that avalanche diodes and Zigbee receivers are immune to outside influence (one would've thought not in the case of the receiver, at least, which is designed to be influenced by the outside)?

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] OneRNG kickstarter project looking for donations

Why is that OneRNG better than http://www.seeedstudio.com/wiki/FST-01? Why not fund something actually new?

On Tue, Dec 16, 2014 at 10:23 AM, Ben Laurie b...@links.org wrote:

> On 15 December 2014 at 19:18, ianG i...@iang.org wrote:
>
>> https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator
>>
>> About this project
>>
>> After Edward Snowden's recent revelations about how compromised our internet security has become, some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware.
>
> I don't really get the relevance to OpenSSL - Dual EC DRBG was vulnerable regardless of the entropy source. And, as already mentioned, not actually vulnerable in OpenSSL anyway.
>
>> We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator; it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP.
>>
>> Openness is important: we're open sourcing our hardware design and our firmware, and our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell.
>>
>> In order to make sure that our boards cannot be compromised during shipping, we make sure that the internal firmware load is signed and cannot be spoofed.
>
> I am curious if there's any evidence that avalanche diodes and Zigbee receivers are immune to outside influence (one would've thought not in the case of the receiver, at least, which is designed to be influenced by the outside)?
Re: [cryptography] OneRNG kickstarter project looking for donations

Francisco,

Sorry for resend, used wrong alias for the ML...

On Tue, Dec 16, 2014 at 11:06:01AM +, Francisco Guerreiro wrote:

> Why is that OneRNG better than http://www.seeedstudio.com/wiki/FST-01? Why not fund something actually new?

A good friend of mine often says "Filesystems should *not* be new and exciting." I believe the same holds for crypto and random number generation. In both cases, the job the code/hw is entrusted with is too critical for unproven methods.

Of course, there's then the chicken/egg problem of how do the new methods become the trusted methods 5 to 10 years from now?

thx,
Jason.
Re: [cryptography] OneRNG kickstarter project looking for donations

On 12/16/2014 6:06 AM, Francisco Guerreiro wrote:

> Why is that OneRNG better than http://www.seeedstudio.com/wiki/FST-01? Why not fund something actually new?
>
> On Tue, Dec 16, 2014 at 10:23 AM, Ben Laurie b...@links.org wrote:
>
>> On 15 December 2014 at 19:18, ianG i...@iang.org wrote:
>>
>>> https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator
>>>
>>> About this project
>>>
>>> After Edward Snowden's recent revelations about how compromised our internet security has become, some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware.
>>
>> I don't really get the relevance to OpenSSL - Dual EC DRBG was vulnerable regardless of the entropy source. And, as already mentioned, not actually vulnerable in OpenSSL anyway.
>>
>>> We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator; it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP.
>>>
>>> Openness is important: we're open sourcing our hardware design and our firmware, and our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell.
>>>
>>> In order to make sure that our boards cannot be compromised during shipping, we make sure that the internal firmware load is signed and cannot be spoofed.
>>
>> I am curious if there's any evidence that avalanche diodes and Zigbee receivers are immune to outside influence (one would've thought not in the case of the receiver, at least, which is designed to be influenced by the outside)?

Nuk isn't very flexible. So the product is original.

--
Kevin
Re: [cryptography] OneRNG kickstarter project looking for donations

On 2014-12-15, at 1:18 PM, ianG i...@iang.org wrote:

> https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator

Although I've got some quibbles with the description, I was more than happy to back this. Before I get to those quibbles, I will talk a bit about why I enthusiastically am backing this project.

I work for a company that makes a consumer-oriented password manager. We need to generate a number of cryptographic keys, and on OS X and Windows we rely on the CSPRNGs provided by those OSes. (We do our own version of HKDF when generating master keys, but still are using the OSes' CSPRNGs.)

After BULLRUN, we took a look at all of the crypto that we use with an eye to whether there was a possibility of it having a backdoor or being deliberately weakened. The only primitives that we were using were AES and SHA-2, and so remained confident that neither the algorithms nor the implementations could be backdoored in a way that could remain undetected. (Because of how we use these, things like timing attacks and other side-channel attacks are not relevant.)

The exception, of course, is with the system CSPRNGs. It is just hard to know that they are behaving as advertised. Perhaps when I ask for 16 random bytes, I'm only getting 64 bits of entropy. (Of course the system can't be too biased without that being eventually detected.)

Anyway, so I love the idea of having something like this. I can combine data from this sort of device with data from the system's CSPRNGs (possibly using HKDF or even a simple XOR) and be guaranteed something that is at least as strong as the strongest of the two. (I might have to look at what kinds of processes might be able to snoop on data retrieved from the USB device in userland.)

Now some minor quibbles of presentation.

> What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet,

To my knowledge it is only one PRNG, and while "one" can be considered "some" it is a bit misleading. But more importantly, that one never actually got used on OpenSSL. It turns out that there was an implementation bug that rendered Dual_EC_DRBG completely unusable in OpenSSL. Because it was such a poor choice to use anyway, nobody even noticed this until people started to test it after the BULLRUN disclosures. As far as anyone knows, it seems like only the users of RSA Inc's BSafe crypto library were ever actually subject to the sabotage.

> and has paid some large crypto vendors millions of dollars to make their software less secure.

Again, we have the instance of the deal with RSA Inc to make Dual_EC_DRBG the default in BSafe. While there may be other such deals that we don't know anything about, that is the one in which there is a smoking gun (and bloody hands, and fingerprints). I find it deliciously ironic that many (most?) of RSA Inc.'s customers are those doing military contracting for the US.

I'm not at all trying to say, "well, it was just that once". After all, what we've learned from this is what the NSA is willing to do to subvert cryptographic tools. And we know from BULLRUN about the existence of "working with our industry partners", but we are left frustratingly blind as to what that actually means. So I fully agree that what the BULLRUN revelations mean is that the government never actually surrendered at the end of the Crypto Wars. Instead they pretended to, but went on fighting underground.

> Some people say that they also intercept hardware during shipping to install spyware.

Although I believe that such intercepts and implants do happen, I react badly to "Some people say ..." It's the kind of phrase that, at least in the US, is followed by things like "... Obama is plotting to outlaw Christianity". "Some people say ..." is used all too often to start rumors without ever being accountable. I would replace "Some people say" in your notice with "There is reason to believe". (There is reason to believe.)

Again, I am fully supportive of the goals and the reasons for this project. I just have quibbles about the text that I have probably gone on about too much.

Cheers,

-j
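The mixing step Goldberg describes above (device output combined with the system CSPRNG via HKDF or XOR, so the result is no weaker than the stronger source) written out as an added example. This is not code from the OneRNG project or from anyone in the thread. The HKDF is RFC 5869 with HMAC-SHA256; the `/dev/hwrng` device path and the `info` label are assumptions made for the example.

```python
"""Combining a hardware RNG's bytes with the OS CSPRNG's bytes.

Added example for this thread, not code from the OneRNG project or any poster.
It shows both combiners mentioned in the thread (plain XOR and HKDF
extract-and-expand per RFC 5869 with HMAC-SHA256) and checks that a source
which has failed into emitting a constant cannot drag the output down.
"""
import hashlib
import hmac
import os

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def xor_combine(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length strings. If either input is uniform and
    independent of the other, the output is uniform."""
    if len(a) != len(b):
        raise ValueError("XOR combiner needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output too long for a single PRK")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf_combine(hw_bytes: bytes, sys_bytes: bytes, length: int,
                 info: bytes = b"example-key-combiner") -> bytes:
    """Feed both sources into HKDF as one input keying material.

    Unlike XOR this needs no equal lengths, and a constant or low-entropy
    source cannot cancel the other one. The all-zero salt is the default
    RFC 5869 permits when no salt is available; ``info`` is a constructed
    label for this example.
    """
    prk = hkdf_extract(b"\x00" * HASH_LEN, hw_bytes + sys_bytes)
    return hkdf_expand(prk, info, length)


def read_hardware_rng(n: int, path: str = "/dev/hwrng"):
    """Read n bytes from a hardware RNG device node.

    ``/dev/hwrng`` is an assumed location for the device. When it is absent
    or short, return None so the caller decides explicitly instead of
    silently ending up with a single source.
    """
    try:
        with open(path, "rb") as f:
            data = f.read(n)
    except OSError:
        return None
    return data if len(data) == n else None


def derive_key(length: int = 32) -> bytes:
    """Combine the hardware source (if present) with os.urandom()."""
    sys_bytes = os.urandom(length)
    hw_bytes = read_hardware_rng(length)
    if hw_bytes is None:
        # No device available: key the derivation from the OS CSPRNG alone.
        return hkdf_combine(b"", sys_bytes, length)
    return hkdf_combine(hw_bytes, sys_bytes, length)


def stuck_source_still_varies(draws: int = 1000) -> bool:
    """Simulate a device stuck at a constant (failed or sabotaged) and check
    that the combined output still tracks the OS source: no collisions among
    ``draws`` outputs."""
    stuck = b"\x00" * 32
    outputs = {hkdf_combine(stuck, os.urandom(32), 32) for _ in range(draws)}
    return len(outputs) == draws


if __name__ == "__main__":
    print("derived key:", derive_key().hex())
    print("stuck-source check passes:", stuck_source_still_varies())
```

The "at least as strong as the strongest" property holds only when the two sources are independent of each other; that is the reason to prefer HKDF over XOR here (HKDF does not let one fixed-length input cancel the other bit for bit) and the reason `derive_key` returns to a one-source derivation explicitly rather than treating a missing device as if it were present.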