On Sat, Aug 2, 2014 at 11:46 AM, Jacob Appelbaum <[email protected]> wrote:
>
> I'm not really convinced. An attacker who attacks the RNG is going to
> find all of the plausible public seeds. This is what brl did with
> exegesis to attack the Debian RNG bug:

yes, the difference is that different seeds require a different search space - similar to salting a hash. the salt does not prevent dictionary attacks, but it does prevent relatively cheaper dictionary attacks.

> In talking with Tanja Lange, she points me to this OpenSSL-fixed table:
>
> http://www.projectbullrun.org/dual-ec/performance.html
>
> The clock is not a very good entropy source, as expected.

this is why the only "true fix" is a robust hardware entropy source with access to raw samples (not obscured DRBG output like RDRAND/RDSEED)

_______________________________________________
Tails-dev mailing list
