<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Dec 14, 2017 at 5:35 AM, Will Yager <span dir="ltr"><<a href="mailto:lists@yager.io" target="_blank">lists@yager.io</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><span class="gmail-">On Wed, Dec 13, 2017 at 9:54 PM, Dave Horsfall <<a href="mailto:dave@horsfall.org" style="font-size:1em" target="_blank">dave@horsfall.org</a>> wrote:
<br>
<blockquote class="gmail-m_-967641351214020375protonmail_quote" type="cite">I'm still learning here, but is that a weakness of crypto in general i.e. always avoid null keys and IVs, or AES in particular?</blockquote></span><span style="background-color:rgba(255,255,255,0)"><div><span style="background-color:rgba(255,255,255,0)">The point is that </span>
<span style="background-color:rgba(255,255,255,0)">s</span><span style="background-color:rgba(255,255,255,0)">t</span><span style="background-color:rgba(255,255,255,0)">a</span><span style="background-color:rgba(255,255,255,0)">t</span><span style="background-color:rgba(255,255,255,0)">i</span><span style="background-color:rgba(255,255,255,0)">s</span><span style="background-color:rgba(255,255,255,0)">ti</span><span style="background-color:rgba(255,255,255,0)">c</span><span style="background-color:rgba(255,255,255,0)">a</span><span style="background-color:rgba(255,255,255,0)">l</span>
<span style="background-color:rgba(255,255,255,0)"> </span><span style="background-color:rgba(255,255,255,0)">te</span><span style="background-color:rgba(255,255,255,0)">sts are not actually very </span><span style="background-color:rgba(255,255,255,0)">useful for judging RNGs,</span></div></span></div></blockquote><div><br></div><div>When building a key today a random number is used to start the search and build the key.<br>One common trouble is a lot of random sources are the same and will possibly return the same </div><div>or nearly the same result too often.<br><br>That sameness may reduce the key space from more than the number of atoms in the universe to</div><div>less than the number of atoms in your pocket change. In my opinion individuals using a non-standard </div><div>source of random that is decent and not disclosed to the attacker is better than many of the </div><div>standard sources that may or may not be gamed. <br><br>Key management and generation are cornerstones and random is part of this.<br><br>I am a fan of multiple sources.<br>I do not fully trust the random bits in modern processors and operating systems. The source "might" be a register<br>under control of Minix in <span style="color:rgb(54,54,54);font-family:Arial,sans-serif;font-size:13px">Intel's Management Engine (ME) tech. Or it could be marvelous </span><font color="#363636" face="Arial, sans-serif">hardware...</font></div><div><font color="#363636" face="Arial, sans-serif"> <a href="https://en.wikipedia.org/wiki/RdRand">https://en.wikipedia.org/wiki/RdRand</a> <br>or the </font><span style="font-family:sans-serif;font-size:14px">deterministic random-bit generator called CTR_DRBG </span><span style="color:rgb(54,54,54);font-family:Arial,sans-serif">inside could be too deterministic. <br><br>This is an interesting way to use common hardware.</span></div><div><font color="#363636" face="Arial, sans-serif"><br><br></font><br></div></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>