[Cryptography] True RNG: elementary particle noise sensed with surprisingly simple electronics

Thierry Moreau thierry.moreau at connotech.com
Sat Sep 17 13:02:47 EDT 2016


On 17/09/16 03:57 AM, Bill Cox wrote:
> Oh... there are _so_ many points to debate here... However, please
> consider the following argument: All a typical device needs is 256 bits
> of randomness, ever.
>
> Bear is entirely correct in pointing out that any device that has only
> 256 random bits can never generate 257 "random" bits.  We can only use
> more than 256 bits from such a device if we take a leap of faith in some
> CPRNG.  So... let's assume we can trust that SHA256(randSeedl +
> counter) is just such a function, just as secure as a real TRNG, up to
> the 256 bit level of unpredictability.
>

Yes, indeed for the unpredictability property. But forward secrecy is 
enhanced by periodic or occasional re-seeding. Otherwise, the seed or 
the current CPRNG state turns into a long-term secret. Looking at the 
overall system security, one must assume that some other long-term 
secrets will be present, especially for authentication purposes.

So, periodic or occasional reseeding is a desirable feature, but not a 
panacea.

  - Thierry Moreau
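The counter-mode construction quoted above and the reseeding point in the reply, as an added example written for this page (not code from either poster): a Python model of SHA256(seed || counter) next to a hypothetical ratcheting generator, showing what an attacker who reads the generator's state at some moment can then recompute in each case. The RatchetPRNG class, its domain-separation tags and the constructed seed are assumptions of the example, not anything from the thread.

```python
"""Counter-mode PRNG vs. a ratcheting, reseedable PRNG: what a state
compromise reveals.  Added illustration; not code from the thread."""
import hashlib
from typing import Optional


def counter_prng(seed: bytes, count: int) -> list:
    """The construction quoted in the thread: output_i = SHA256(seed || counter).
    The seed is the entire state and never changes."""
    return [hashlib.sha256(seed + i.to_bytes(8, "big")).digest()
            for i in range(count)]


class RatchetPRNG:
    """Illustrative alternative (an assumption of this example, not a design
    from the thread): after each output the state is replaced by a one-way
    hash of itself, and reseed() folds fresh entropy into it."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"init" + seed).digest()

    def next(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()
        # Overwrite the state with a one-way function of itself; the value that
        # produced `out` no longer exists anywhere an attacker could read.
        self.state = hashlib.sha256(b"step" + self.state).digest()
        return out

    def reseed(self, fresh: bytes) -> None:
        # Mix in entropy the attacker has not seen; the state diverges from
        # anything derivable from a previously leaked copy.
        self.state = hashlib.sha256(b"reseed" + self.state + fresh).digest()


def compromise_counter_prng(seed: bytes, n_past: int, n_future: int) -> dict:
    """Attacker reads the seed after n_past outputs have already been used.
    Because the seed is a long-term secret, both directions are open."""
    outputs = counter_prng(seed, n_past + n_future)
    past, future = outputs[:n_past], outputs[n_past:]
    attacker_view = counter_prng(seed, n_past + n_future)  # same seed, same counters
    return {
        "past_recovered": attacker_view[:n_past] == past,
        "future_predicted": attacker_view[n_past:] == future,
    }


def compromise_ratchet_prng(seed: bytes, n_past: int, n_future: int,
                            reseed_entropy: Optional[bytes]) -> dict:
    """Attacker reads the ratchet state after n_past outputs.  If the generator
    then reseeds with entropy the attacker never sees, the future closes too."""
    prng = RatchetPRNG(seed)
    past = [prng.next() for _ in range(n_past)]
    leaked_state = prng.state                      # the compromise happens here
    if reseed_entropy is not None:
        prng.reseed(reseed_entropy)
    future = [prng.next() for _ in range(n_future)]

    attacker = RatchetPRNG.__new__(RatchetPRNG)
    attacker.state = leaked_state                  # attacker runs a clone forward
    attacker_view = [attacker.next() for _ in range(n_past + n_future)]
    return {
        # Nothing derivable by running forward from the leaked state matches a
        # past output; going backward would mean inverting SHA-256.
        "past_recovered": any(o in attacker_view for o in past),
        "future_predicted": attacker_view[:n_future] == future,
    }


if __name__ == "__main__":
    SEED = bytes(range(32))                        # constructed sample seed
    print("counter mode:       ", compromise_counter_prng(SEED, 4, 3))
    print("ratchet, no reseed: ", compromise_ratchet_prng(SEED, 4, 3, None))
    print("ratchet + reseed:   ", compromise_ratchet_prng(SEED, 4, 3, b"fresh entropy"))
```

The "forward secrecy" the reply asks for is what NIST SP 800-90A calls backtracking resistance (a leaked state does not expose earlier outputs); reseeding with entropy the attacker never observed additionally gives prediction resistance, which is why the counter-only design turns its seed into exactly the long-term secret the reply warns about. Production code should use a standard DRBG or the operating system's generator rather than this toy.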