CPRNGs are still an issue.

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Dec 16 23:14:49 EST 2008

=?ISO-8859-1?Q?Joachim_Str=F6mbergson?= <Joachim at Strombergson.com> writes:
>Damien Miller wrote:
>> Until someone runs your software on a SSD instead of a HDD. Oops.
>That is a very good observation. I would bet loads of GM stocks that very few
>people realise that moving from 0ld sk00l HDD to SSD would affect their
>entropy sources.

This is only going to be a problem if your RNG is... well, to be blunt, stupid
enough to rely entirely on HDD timings as an entropy source.  I would hope
that any well-designed entropy polling system would use as many sources as
possible for the simple reason that otherwise a single failure can destroy the
security of your entire system.  In other words an entropy polling mechanism
should see the change from HDD to SSD as nothing more than a small glitch for
its fault-tolerant front-end to accomodate and continue as before.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list