Re: towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

2010-08-27 Thread Richard Salz
(For what it's worth, I find your style of monocase and ellipses so 
incredibly difficult to read that I usually delete your postings unread.)

 as previously mentioned, somewhere back behind everything else ... there
 is strong financial motivation in the sale of the SSL domain name 
digital
 certificates.

I don't doubt that this was true when it was the secure sockets layer and 
e-commerce on the web were just starting up.  But I don't think it's 
accurate any longer. Or rather, who cares how VRSN wants to make money? :) 
 Verisign owns a large portion of the CA market; their market-cap is 
US$5B. Google's is US$143B, Apple's is US$220B and Microsoft's is US$206B. 
I mention Google because they are very involved and influential in 
Internet infrastructure, and Apple because many believe they will be 
dominant content delivery system, and Microsoft because they were a 
sponsor of the original SDSI research (
http://people.csail.mit.edu/rivest/sdsi10.html)

If someone has a better mousetrap, there's several places that can make it 
happen and swallow 44% of the SSL market (
https://press.verisign.com/easyir/customrel.do?easyirid=AFC0FF0DB5C560D3version=liveprid=631314releasejsp=custom_97
) with nary a burp.

/r$

--
STSM, WebSphere Appliance Architect
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: questions about RNGs and FIPS 140

2010-08-27 Thread Thomas
Hello.

Am Donnerstag 26 August 2010 12:25:55 schrieb Jerry Leichter:
[...]
  4) What about VMs?
  Rolling back a deterministic RNG on those systems gives the same
  values unless/until you re-seed with something new to this iteration
 
 I'm not sure what you mean by rolling back.  Yes, if you restart any
 deterministic RNG with a previously-used internal state, it will
 generate the same stream it did before.  This is true whether you are
 in a VM or not.

That is true.
Luckily /dev/random is re-seeded during run-time. So even if you do
a roll-back of a system and the new input it non-deterministic it will
generate different output immediately.


 RNG's in VM's are a big problem because the unpredictable values
 used in the non-deterministic parts of the algorithms - whether you
 use them just for seeding or during updating as well - are often much
 more predictable in a VM than a real machine.  (For example, disk
 timings on real hardware have some real entropy, but in a VM with an
 emulated disk, that's open to question.)

I really doubt it. Are there papers about it?
It does not matter if there is one physical disk that is shared
between 1000 processes or between 10 VMs each running 100 processes
(assuming a shared random pool).
The entropy is not generated by the disk but by the processes accessing
it in a (hopefully) non-deterministic way. The HDD interrupts are just
the sampling point. Therefore gaining entropy depends on the level of 
abstraction where the sampling point is placed. It can be assumed that
the buffered HDD writing and reading on the host of a VM produce
less entropy than the real read(2) and write(2) calls within the VM
itself.


Bye
Thomas

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: questions about RNGs and FIPS 140

2010-08-27 Thread Thor Lancelot Simon
On Fri, Aug 27, 2010 at 07:20:06PM +1200, Peter Gutmann wrote:
 
 No.  If you choose your eval lab carefully you can sneak in a TRNG somewhere
 as input to your PRNG, but you can't get a TRNG certified, and if you're
 unlucky you won't be allowed to use a TRNG at all.

I am surprised you'd have trouble with this at any lab.  Isn't there
specific guidance on this in the DTRs?  My 10-years-rusty recollection
is that, specifically, the input used to key the Approved RNG may not
contain provably less entropy than the Approved RNG's output, or words
very close to that in effect.

Thor

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com