On Sun, 8 Sep 2013 15:22:32 -0400 "Perry E. Metzger"
wrote:
> Ah, now *this* is potentially interesting. Imagine if you have a
> crypto accelerator that generates its IVs by encrypting information
> about keys in use using a key an observer might have or could guess
> from a small search space.
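A toy model of the sabotaged accelerator described in the quote above, added here as an illustration rather than anything from the thread. Everything in it is constructed: a SHA-256 counter-mode keystream stands in for the real block cipher, a 2-byte "observer key" is the small search space an observer could enumerate, and a known plaintext prefix (an HTTP request line) is the oracle the observer uses to confirm a guess. The point it shows is that an IV which is a function of the session key under a guessable key is indistinguishable from a random IV to everyone except the party who can run the search.

```python
"""
Added example (not code from the thread): an accelerator whose IV is the
session key encrypted under a key the observer can brute-force, and the
passive observer that exploits it. All names, key sizes and the cipher are
assumptions made for illustration.
"""
from __future__ import annotations

import hashlib
import os

IV_LEN = 16
OBSERVER_KEY_BYTES = 2          # 2^16 possibilities: "a small search space"
IV_LABEL = b"iv-derivation"     # domain separation for the IV leak channel


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def honest_iv(_session_key: bytes) -> bytes:
    """What the accelerator should do: a fresh random IV, unrelated to the key."""
    return os.urandom(IV_LEN)


def sabotaged_iv(session_key: bytes, observer_key: bytes) -> bytes:
    """The backdoor: IV = E_{observer_key}(session_key). Looks random to anyone
    who cannot enumerate observer_key."""
    return xor(session_key, keystream(observer_key, IV_LABEL, IV_LEN))


def encrypt(session_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return iv + xor(plaintext, keystream(session_key, iv, len(plaintext)))


def decrypt(session_key: bytes, data: bytes) -> bytes:
    iv, body = data[:IV_LEN], data[IV_LEN:]
    return xor(body, keystream(session_key, iv, len(body)))


def observer_recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes | None:
    """Passive observer: try every observer key, unwrap the IV into a candidate
    session key, and confirm it against known plaintext. Returns None when the
    IV does not leak (e.g. honest random IVs)."""
    iv = ciphertext[:IV_LEN]
    for i in range(1 << (8 * OBSERVER_KEY_BYTES)):
        candidate_obs = i.to_bytes(OBSERVER_KEY_BYTES, "big")
        candidate_key = xor(iv, keystream(candidate_obs, IV_LABEL, IV_LEN))
        if decrypt(candidate_key, ciphertext).startswith(known_prefix):
            return candidate_key
    return None


def run(observer_key: bytes | None,
        message: bytes = b"GET /secret HTTP/1.1\r\n") -> tuple[bytes, bytes | None]:
    """Encrypt one message with a fresh session key using either the sabotaged
    (observer_key given) or the honest IV generator, then let the observer
    attack the ciphertext. Returns (real session key, what the observer got)."""
    session_key = os.urandom(IV_LEN)
    if observer_key is not None:
        iv = sabotaged_iv(session_key, observer_key)
    else:
        iv = honest_iv(session_key)
    ct = encrypt(session_key, iv, message)
    return session_key, observer_recover_key(ct, b"GET /")


if __name__ == "__main__":
    key, got = run((0xBEEF).to_bytes(2, "big"))
    print("sabotaged IV: observer recovered key?", got == key)
    key, got = run(None)
    print("honest IV:    observer recovered key?", got == key)
```

Nothing about the ciphertexts themselves distinguishes the two cases; only someone who can enumerate the observer key (here a 65,536-entry loop) learns anything from the IV, which is why black-box statistical testing of the accelerator's output would not catch it.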
On Sep 9, 2013, at 9:17 AM, Kent Borg wrote:
>> Which brings into the light the question: Just *why* have so many random
>> number generators proved to be so weak.
>
> Your three cases left off an important one: Not bothering to seed the PRNG at
> all. I think the Java/Android cryptographic (!
On 09/08/2013 11:56 PM, Jerry Leichter wrote:
Which brings into the light the question: Just *why* have so many random
number generators proved to be so weak.
Your three cases left off an important one: Not bothering to seed the
PRNG at all. I think the Java/Android cryptographic (!) librar
On 9/09/13 06:42 AM, James A. Donald wrote:
On 2013-09-09 11:15 AM, Perry E. Metzger wrote:
Lenstra, Heninger and others have both shown mass breaks of keys based
on random number generator flaws in the field. Random number
generators have been the source of a huge number of breaks over time.
On Sep 8, 2013, at 9:15 PM, Perry E. Metzger wrote:
>> I don't see the big worry about how hard it is to generate random
>> numbers unless:
>
> Lenstra, Heninger and others have both shown mass breaks of keys based
> on random number generator flaws in the field. Random number
> generators have b
On 09/08/2013 09:15 PM, Perry E. Metzger wrote:
Perhaps you don't see the big worry, but real world experience says it
is something everyone else should worry about anyway.
I overstated it.
Good random numbers are crucial, and like any cryptography, exact
details matter. Programmers are cons
On 2013-09-09 11:15 AM, Perry E. Metzger wrote:
Lenstra, Heninger and others have both shown mass breaks of keys based
on random number generator flaws in the field. Random number
generators have been the source of a huge number of breaks over time.
Perhaps you don't see the big worry, but real
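An added example, not code from the thread, covering two points raised above: Jerry Leichter's case of a PRNG that is never properly seeded, and the mass key breaks Perry attributes to Lenstra, Heninger and others. It simulates a fleet of devices whose key generator draws p from a low-entropy boot state and q only after device-specific entropy has been mixed in (a constructed model of that entropy hole; seed values, entropy values and the 64-bit prime size are all assumptions chosen so the example runs instantly), then runs a product-tree batch GCD over the resulting moduli to find and factor the keys that share a prime.

```python
"""
Added example (not from the thread): a toy boot-time entropy hole and the
batch-GCD check that finds the shared primes it produces. All seeds, entropy
values and key sizes are constructed for illustration.
"""
from __future__ import annotations

import math
import random

# Deterministic Miller-Rabin bases, sufficient for n < 3.3e24 (covers 64-bit primes).
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)


def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(rng: random.Random, bits: int) -> int:
    """Draw odd candidates with the top bit set until one passes Miller-Rabin."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def device_keygen(boot_seed: int, device_entropy: int, bits: int = 64) -> int:
    """Simulated firmware keygen with the entropy hole (assumed model):
    p is drawn from the low-entropy boot state, q only after device-specific
    entropy has been mixed in."""
    rng = random.Random(boot_seed)              # tiny seed pool -> repeated state
    p = random_prime(rng, bits)                 # drawn too early: collides across devices
    rng.seed(f"{boot_seed}:{device_entropy}")   # entropy arrives later
    q = random_prime(rng, bits)                 # distinct per device
    return p * q


def batch_gcd(moduli: list[int]) -> list[int]:
    """gcd(N_i, product of all other N_j) for every i, via a product tree and a
    remainder tree (Bernstein's batch GCD) instead of O(n^2) pairwise gcds."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                       for i in range(0, len(lvl), 2)])
    rems = levels.pop()                         # root: the product of all moduli
    while levels:
        lvl = levels.pop()
        rems = [rems[i // 2] % (lvl[i] ** 2) for i in range(len(lvl))]
    # r_i = P mod N_i^2 is a multiple of N_i; r_i / N_i is the other moduli mod N_i.
    return [math.gcd(r // n, n) for r, n in zip(rems, moduli)]


def factor_with_shared_primes(moduli: list[int]) -> dict[int, tuple[int, int]]:
    """Index -> (p, q) for every modulus that shares exactly one prime with
    another modulus. A gcd equal to the modulus itself means a fully duplicated
    key (same seed, same entropy): still broken, but not factored this way."""
    out = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if 1 < g < n:
            out[i] = (g, n // g)
    return out


def demo() -> dict:
    # Constructed fleet: two devices booted into the same PRNG state (seed 3),
    # two others with different boot seeds. Entropy values are arbitrary.
    fleet = [(3, 111), (3, 222), (5, 333), (7, 444)]
    moduli = [device_keygen(b, e) for b, e in fleet]
    return {"moduli": moduli, "gcds": batch_gcd(moduli),
            "factored": factor_with_shared_primes(moduli)}


if __name__ == "__main__":
    result = demo()
    for i, (p, q) in result["factored"].items():
        print(f"modulus {i} factored: p={p} q={q}")
```

Every modulus in isolation passes any test you care to run; the weakness is only visible across the population, which is why this check belongs in a fleet-wide scan of collected certificates rather than in a per-device self-test.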
On Sun, 08 Sep 2013 20:34:55 -0400 Kent Borg
wrote:
> On 09/08/2013 06:16 PM, John Kelsey wrote:
> > I don't think you can do anything useful in crypto without some
> > good source of random bits.
>
> I don't see the big worry about how hard it is to generate random
> numbers unless:
Lenstra, H
On 09/08/2013 06:16 PM, John Kelsey wrote:
I don't think you can do anything useful in crypto without some good
source of random bits.
I don't see the big worry about how hard it is to generate random
numbers unless:
a) You need them super fast (because you are Google, trying to secure
you
On Sun, Sep 08, 2013 at 06:16:45PM -0400, John Kelsey wrote:
> I don't think you can do anything useful in crypto without some
> good source of random bits. If there is a private key somewhere
> (say, used for signing, or the public DH key used alongside the
> ephemeral one), you can combine the
On Sep 8, 2013, at 3:55 PM, Thor Lancelot Simon wrote:
...
> I also wonder -- again, not entirely my own idea, my whiteboard partner
> can speak up for himself if he wants to -- about whether we're going
> to make ourselves better or worse off by rushing to the "safety" of
> PFS ciphersuites, whic
On Sun, 8 Sep 2013 15:55:52 -0400 Thor Lancelot Simon
wrote:
> On Sun, Sep 08, 2013 at 03:22:32PM -0400, Perry E. Metzger wrote:
> >
> > Ah, now *this* is potentially interesting. Imagine if you have a
> > crypto accelerator that generates its IVs by encrypting
> > information about keys in use u
On Sun, Sep 08, 2013 at 03:22:32PM -0400, Perry E. Metzger wrote:
>
> Ah, now *this* is potentially interesting. Imagine if you have a
> crypto accelerator that generates its IVs by encrypting information
> about keys in use using a key an observer might have or could guess
> from a small search s
In principle, the malevolent crypto accelerator could flip into weak mode
(however that happens) only upon receiving a message for decryption with some
specific value or property. That would defeat any testing other than constant
observation. This is more or less the attack that keeps paralle
On Sun, 8 Sep 2013 15:10:45 -0400 Thor Lancelot Simon
wrote:
> On Sun, Sep 08, 2013 at 02:34:26PM -0400, Perry E. Metzger wrote:
> >
> > Any other thoughts on how one could sabotage hardware? An
> > exhaustive list is interesting, if only because it gives us
> > information on what to look for in
On Sun, Sep 08, 2013 at 02:34:26PM -0400, Perry E. Metzger wrote:
>
> Any other thoughts on how one could sabotage hardware? An exhaustive
> list is interesting, if only because it gives us information on what
> to look for in hardware that may have been tweaked at NSA request.
I'd go for leaking