On Wednesday, 27 January 2016, 10:34:14, Fredrik Thulin wrote:
> Subject to some kind of policy I presume. I mean, if any/some defined number of the entropy sources stop working, we'd better block the CSPRNG if it wants to re-seed...
I should mention DJB's "entropy attacks" blog posting: http://blog.cr.yp.to/20140205-entropy.html

The bottom line is that as long as the initial entropy at startup was good, you can rely on the CSPRNG, and don't reseed too often. If the entropy breaks, continue with the old seed, until all nonces are used up for the CSPRNG (not going to happen ;-).

BTW: If you want to keep going even when the entropy sources all died, and you have non-volatile memory, you can even do that. After accumulating enough entropy to seed the CSPRNG, use it first to generate a new seed to be stored in non-volatile memory. Use that to seed the CSPRNG at next boot, and generate a new persistent seed.

An attack vector exists if someone can read out that non-volatile memory, but that attack vector also attacks any other long-term secret stored there; so if that happens, you are toast anyway.

--
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o ID: kQusJzA;7*?t=uy@X}1GWr!+0qqp_Cn176t4(dQ*
http://bernd-paysan.de/
_______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
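The persistent-seed scheme Bernd describes above (seed from fresh entropy, immediately generate and store next boot's seed, keep running rather than block if the sources die later), as an added Python example that is not part of the thread or of Cryptech's code. Assumptions: a toy HMAC-SHA256 counter generator stands in for a real CSPRNG, a file on disk stands in for non-volatile memory, `os.urandom` stands in for the hardware entropy sources, and the names `HmacCsprng`, `boot_csprng` and `simulate_boots` are mine.

```python
import hashlib
import hmac
import os
import tempfile

SEED_LEN = 32  # bytes of seed material stored and required at boot


class HmacCsprng:
    """Toy deterministic generator: HMAC-SHA256 keyed on the seed, run over a
    counter. Illustrative stand-in only (not NIST HMAC_DRBG or ChaCha20); the
    point of this example is the seeding discipline around it."""

    def __init__(self, seed: bytes):
        if len(seed) < SEED_LEN:
            raise ValueError("seed too short")
        self._key = hashlib.sha256(b"csprng-key|" + seed).digest()
        self._counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            msg = self._counter.to_bytes(8, "big")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            self._counter += 1
        return bytes(out[:n])

    def mix_in(self, fresh):
        """Optional reseed. None means the entropy sources are dead: keep the
        current state and keep going rather than blocking. Returns True if reseeded."""
        if fresh is None:
            return False
        self._key = hashlib.sha256(b"reseed|" + self._key + fresh).digest()
        return True


def read_persistent_seed(path):
    try:
        with open(path, "rb") as f:
            seed = f.read()
    except FileNotFoundError:
        return None
    return seed if len(seed) == SEED_LEN else None  # truncated/corrupt file counts as absent


def write_persistent_seed(path, seed):
    """Write-then-rename so a power cut mid-write cannot leave a half-written seed."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(seed)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)


def _lv(b):
    """Length-prefix a field so concatenated hash inputs cannot be ambiguous."""
    return len(b).to_bytes(4, "big") + b


def boot_csprng(seed_path, entropy_source):
    """entropy_source() returns fresh entropy bytes, or None if every source is dead."""
    stored = read_persistent_seed(seed_path)
    fresh = entropy_source()
    if fresh is not None and len(fresh) < SEED_LEN:
        fresh = None  # too little to count as a good initial seed
    if stored is None and fresh is None:
        # First boot with dead sources: there is no good initial entropy, so refuse.
        raise RuntimeError("no fresh entropy and no persistent seed: refusing to start")
    material = hashlib.sha256(b"boot-seed|" + _lv(stored or b"") + _lv(fresh or b"")).digest()
    rng = HmacCsprng(material)
    # The first output of this boot is next boot's seed; persist it before any nonce goes out.
    write_persistent_seed(seed_path, rng.random_bytes(SEED_LEN))
    return rng


def simulate_boots(seed_path=None):
    """Boot 1: entropy OK. Boot 2: entropy dead, runs on the persisted seed.
    Boot 3: seed wiped and entropy dead, must refuse. Returns the observations."""
    if seed_path is None:
        seed_path = os.path.join(tempfile.mkdtemp(), "seed.bin")
    good = lambda: os.urandom(64)  # constructed stand-in for the hardware entropy sources
    dead = lambda: None

    rng1 = boot_csprng(seed_path, good)
    seed_after_1 = read_persistent_seed(seed_path)
    nonce1 = rng1.random_bytes(16)

    rng2 = boot_csprng(seed_path, dead)  # survives dead sources thanks to the stored seed
    seed_after_2 = read_persistent_seed(seed_path)
    reseeded = rng2.mix_in(dead())       # no entropy available: state kept, not blocked
    nonce2 = rng2.random_bytes(16)

    os.remove(seed_path)
    try:
        boot_csprng(seed_path, dead)
        refused = False
    except RuntimeError:
        refused = True
    return {"seed_after_1": seed_after_1, "seed_after_2": seed_after_2,
            "nonce1": nonce1, "nonce2": nonce2, "reseeded": reseeded, "refused": refused}


if __name__ == "__main__":
    r = simulate_boots()
    print("persisted seed rotated:", r["seed_after_1"] != r["seed_after_2"])
    print("refused with no seed and no entropy:", r["refused"])
```

Two details carry the security argument from the mail: the stored seed is replaced before the generator hands out anything, so a later read-out of the non-volatile memory yields next boot's seed but not this boot's outputs, and fresh entropy is mixed into the boot seed whenever any source still works, which is what limits the damage if that memory is ever read.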