Hi again random readers,
Just adding some credit and historical background to this thread .
The issue of keyboard timing leakage had already been raised long before:
http://archive.cert.uni-stuttgart.de/bugtraq/2003/08/msg00213.html
where /dev/random blocking (instead of entropy available in this t
On Thu, Jan 11, 2018 at 08:19:30PM +, Dan Brown wrote:
>
> If an adversary gains access to this interface, then there is a
> small risk that sensitive information leaks to the adversary,
> because the entropy estimate may be derived from and correlated to
> sensitive information.
I'll note th
Hi random readers,
The threat model of Spectre
https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
is an adversarial process running on a target's machine.
In the mail below, I describe a similar threat model (on OSes with a RNG whose
entropy estimate is accessible by any user), but I