Linux-based wireless mesh suite adds crypto engine support

David Honig dahonig at cox.net
Mon Oct 4 23:28:15 EDT 2004


At 03:25 PM 9/30/04 -0700, John Gilmore wrote:
>
>Crypto hardware that generates "random" numbers can't be tested in
>production in many useful ways.  My suggestion would be to XOR a
>hardware-generated and a software-generated random number stream.  If
>one fails, whether by accident, malice, or design, the other will
>still randomize the resulting stream.  Belt AND suspenders will keep
>your source of randomness from being your weakest link.

A good idea, but also: consider that hardware based RNGs are
not so hard to make.  An FM radio soundcard, audio digitizer, and
some homebrew (perhaps standard-crypto-hash-based) software
suffices for moderate bandwidth true RNG construction.  
Using an evaluation metric like Diehard and/or a Shannon or
Maurer entropy measure ices the cake (as well as being required
for initial and continuing monitoring).  (Insert the usual caveats
about PRNGs being undetectable, OS subversion, white vans driving
your FM hiss, etc.)  Very cheap and if you can master a hash
function component, not tricky.

Obviously too much trouble for Joe Sixpack, but I think that
certain online gambling houses (not US of course) have made
their own sources, and definitely not too hard for anyone who codes
and has crypto-clue.  OTOH Joe can benefit from his radio-tuner
card plus off the shelf inspectable software since he ought not
to trust Bigcorp's embedded nominal RNG.  Joe Sixpack might also
be an abbreviation for a foreign government.  Should the Pakis
really trust Intel's RNG? 

PS: your belts and suspenders argument also applies to trusting
cipher algorithms.  Best to chain a few.  Also useful to twiddle
a few S-box bits, even if you get suboptimal properties, so as 
to deter cheap crackers using COTS cipher chips.  (Doing dictionary
regexp search, not the impractical exhaustive search, of course.)
This works particularly well in large random-S-box constructs like Blowfish
(et al) compared to the more spartan (thus degradable) DES S-boxes.

The weakest link will be bipedal for the foreseeable future.

=================================================
36 Laurelwood Dr
Irvine CA 92620-1299

VOX: (714) 544-9727 (home) mnemonic: P1G JIG WRAP

ICBM: -117.7621, 33.7275
PGP PUBLIC KEY: by arrangement

Send plain ASCII text not HTML lest ye be misquoted.  Really.

------

"Don't 'sir' me, young man, you have no idea who you're dealing with"
Tommy Lee Jones, MIB



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
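The pipeline sketched in the post above (radio hiss into a soundcard, a hash-based conditioner, Shannon/Maurer entropy checks for initial and continuing monitoring, and Gilmore's XOR of a hardware and a software stream) as an added worked example. This is not code from the post or from the mesh suite in the subject line. The "ADC" is a seeded deterministic stand-in built from constructed data, not a real noise source; the entropy credit per sample and the repetition-count cutoff are assumptions that a real characterisation of the radio and soundcard would have to establish.

```python
"""Toy FM-hiss RNG pipeline (added example, not from the original post):
raw ADC samples -> health check -> hash conditioner -> entropy metrics ->
XOR mix with a software stream.  The ADC is a constructed stand-in."""
import hashlib
import hmac
import math
import struct
from collections import Counter

ENTROPY_BITS_PER_SAMPLE = 2   # assumption: a real source characterisation sets this
REPETITION_CUTOFF = 20        # assumption: repetition-count cutoff (idea from SP 800-90B)


class SourceFailure(RuntimeError):
    """Raised when the raw source looks dead or stuck."""


def simulated_adc(n, seed=b"fm-hiss", amplitude=16, stuck=False):
    """Constructed stand-in for FM hiss through a 16-bit ADC: samples sit near
    mid-scale (32768) with a swing of +/-amplitude, so only the low bits vary.
    stuck=True models a dead input that returns a constant."""
    samples, ctr = [], 0
    while len(samples) < n:
        block = hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
        for i in range(0, 32, 2):
            r = int.from_bytes(block[i:i + 2], "big")
            noise = (r % (2 * amplitude)) - amplitude
            samples.append(32768 if stuck else 32768 + noise)
    return samples[:n]


def raw_bytes(samples):
    """Big-endian 16-bit packing, as a capture tool would hand the samples over."""
    return struct.pack(">%dH" % len(samples), *samples)


def shannon_entropy(data):
    """Empirical Shannon entropy in bits per byte (8.0 means uniform bytes)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def maurer_universal(data, Q=2560):
    """Maurer's universal statistical test with L=8 (one byte per block).
    Q blocks initialise the last-seen table; each later block adds
    log2(distance to its previous occurrence).  A full-entropy source gives
    about 7.1836656 (Maurer's expected value for L=8); a constant stream 0.0."""
    if len(data) <= Q:
        raise ValueError("need more than Q bytes")
    last = [0] * 256
    for i in range(Q):
        last[data[i]] = i + 1
    total = 0.0
    for i in range(Q, len(data)):
        pos = i + 1
        total += math.log2(pos - last[data[i]])
        last[data[i]] = pos
    return total / (len(data) - Q)


def health_check(samples):
    """Continuous repetition-count test: a long run of identical samples means
    the source is stuck or unplugged, so refuse to emit anything."""
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= REPETITION_CUTOFF:
            raise SourceFailure("raw source repeated %d times" % run)


def condition(samples, out_len=32):
    """Hash conditioner: per out_len bytes, hash enough raw samples to cover
    them at the assumed entropy credit (128 samples per 32-byte digest)."""
    need = math.ceil(out_len * 8 / ENTROPY_BITS_PER_SAMPLE)
    health_check(samples)
    chunks = range(0, len(samples) - need + 1, need)
    return b"".join(hashlib.sha256(raw_bytes(samples[i:i + need])).digest() for i in chunks)


def software_stream(key, n):
    """HMAC-SHA256 in counter mode, standing in for a software CSPRNG."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def mix(hw, sw):
    """Belt and suspenders: XOR the streams so either alone still randomises the result."""
    if len(hw) != len(sw):
        raise ValueError("streams must have equal length")
    return bytes(a ^ b for a, b in zip(hw, sw))


def demo():
    """Run the pipeline on constructed samples and report the monitoring metrics."""
    samples = simulated_adc(128 * 1024)
    hw = condition(samples)
    sw = software_stream(b"constructed seed, not a secret", len(hw))
    return {"raw_entropy": shannon_entropy(raw_bytes(samples)),
            "conditioned_entropy": shannon_entropy(hw),
            "conditioned_maurer": maurer_universal(hw),
            "dead_hw_mixed_entropy": shannon_entropy(mix(bytes(len(hw)), sw))}


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-24s %.4f" % (name, value))
```

The raw 16-bit captures score about 4 bits per byte because only the low bits move, which is exactly why the hash conditioner and a conservative entropy credit are needed; the conditioned output scores near 8 bits per byte on the Shannon measure and near Maurer's expected 7.18 for L=8. The health check refuses to run the conditioner at all on a stuck source, and the last metric shows the XOR mix still producing full-entropy output when the hardware stream is all zeros.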