<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Dec 20, 2016 at 3:15 PM, John Denker <span dir="ltr"><<a href="mailto:jsd@av8n.com" target="_blank">jsd@av8n.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 11/22/2016 01:03 PM, Ron Garret wrote:<br>
<br>
> I am constantly surprised by how often discussions of randomness<br>
> arise on this list, and how long they continue. Everything that<br>
> matters about randomness can be summarized in four bullet points<br>
<br>
I really don't think so.<br>
<br>
Let me offer a different list of grand principles:<br>
<br>
Principle #1: In the security business, there are very few grand<br>
principles. Mostly what we have is a boatload of niggling details.</blockquote><div>..... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
> 1. You need two things: an entropy source, and a whitener.<br></blockquote><div>.... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I say that is an excellent question, <br></blockquote><div> </div><div> ....</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Here's a particular case: Consider booting a system, called the<br>
/target/ system, from a "Live CD" .iso image. <br></blockquote><div>..... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
1) Observe that nobody actually uses CDs for this purpose anymore.<br>
For obvious reasons, they use USB flash drives.<br></blockquote><div> </div><div><br></div><div>There are two things missing in a "live: CD or USB-flash boot image.<br><br></div><div>One is a unique and unpredictable bit pile sufficiently large to support</div><div>the generation of communication keys that changes.<br><br></div><div>A second is the time of day. A number of IOT devices do not have a </div><div>real time clock and tinkering with time has protocol and system issues.</div><div><br></div><div>A live CD is a constant -- much like a PRNG in that it will always do what </div><div>it does. It can have unique hard baked secrets or constant hard baked secrets.</div><div>A live USB flash with read write </div><div> -) can be a safe single purpose system.</div><div> -) can install a system.</div><div> -) can repair a system</div><div> -) can infect or disinfect a system.<br> </div><div>If I recall SSH and friends expect the time of day on two machines to </div><div>be close enough. I know that system changes and updates can </div><div>depend on meta data in the files system including the various time</div><div>stamps.</div><div><br></div></div>So add time of day to the list of important volatiles.<br><br clear="all"><div><br></div>-- <br><div class="m_4907054803556348482gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>