On 09/08/2013 06:16 PM, John Kelsey wrote:
I don't think you can do anything useful in crypto without some good
source of random bits.
I don't see the big worry about how hard it is to generate random
a) You need them super fast (because you are Google, trying to secure
On 09/08/2013 09:15 PM, Perry E. Metzger wrote:
Perhaps you don't see the big worry, but real world experience says it
is something everyone else should worry about anyway.
I overstated it.
Good random numbers are crucial, and like any cryptography, exact
details matter. Programmers are
On 09/08/2013 11:56 PM, Jerry Leichter wrote:
Which brings into the light the question: Just *why* have so many random
number generators proved to be so weak.
Your three cases left off an important one: Not bothering to seed the
PRNG at all. I think the Java/Android cryptographic (!)
On 09/11/2013 07:18 PM, Perry E. Metzger wrote:
the world's routers, servers, etc. do not have good sources,
especially at first boot time, and for customer NAT boxes and the like
the price points are vicious.
I agree that things like consumer NAT boxes have a tricky problem, and
On 09/12/2013 10:41 AM, Kent Borg wrote:
routers and servers are not as bad off as people say.
Not that more sources is bad. A new trustworthy HW entropy source would
be good. Even a suspect rdrand is worth XORing in (as Linux does on the
machine I am using right now).
But if you thirst
On 09/13/2013 11:59 AM, Marcus Leech wrote:
Any physical-world sensor driver, where the sensor inherently has a
bit of noise, I think has a moral obligation to contribute bits to
the kernel entropy pool.
Within limits. Mixing the entropy pool on Linux takes work and battery
On 09/14/2013 03:29 PM, John Denker wrote:
Things like clock skew are usually nothing but squish ... not reliably
predictable, but also not reliably unpredictable. I'm not interested
in squish, and I'm not interested in speculation about things that
might be random.
I see theoretical the
On 09/15/2013 10:19 AM, John Kelsey wrote:
But those are pretty critical things, especially (a). You need to know
whether it is yet safe to generate your high-value keypair. For that,
you don't need super precise entropy estimates, but you do need at
least a good first cut entropy
John Kelsey wrote:
I think the big problem with (b) is in quantifying the entropy you get.
When Bruce Schneier last put his hand to designing an RNG he concluded that
estimating entropy is doomed. I don't think he would object to some coarse
order-of-magnitude confirmation that
Broken RNG-time again: In looking at 2.2 million certificates, researchers
found reused primes in 103 of them.
On 09/18/2013 01:31 PM, Walter van Holst wrote:
What makes me a tad bitter is that we apparently live in a world with
two classes: US citizens and the subhuman rest of it. NSA-style
blanket surveillance violates the fundamental right to privacy and
ultimately also the fundamental right to
On 10/01/2013 10:28 AM, Greg wrote:
This falls somewhere in the land of beyond-the-absurd.
I noticed the password would be mailed in the clear when I signed up,
but even if I had not, I would not have been bothered to later discover
it. What is the harm? The sensitivity of this password is