On the "randomness" of DNS
Ben Laurie
ben at links.org
Wed Jul 30 23:06:30 EDT 2008
Dirk-Willem van Gulik wrote:
> I fail to see how you could evaluate this without seeing the code (and
> even then - I doubt that one can properly do this -- the ?old? NSA habit
> of tweaking your random generated rather than your protocol/algorithm
> when they wanted your produced upgraded to export quality - is terribly
> effective and very hard to spot).
>
> Or am I missing something ?
I think that, in general, you are correct. However, in the case of NAT
your adversary is not someone who is trying to guess your randomness,
but someone who is trying to sell you their NAT gateway. In this case,
code/silicon inspection probably suffices.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list