[Cryptography] [RNG] /dev/random initialisation

James A. Donald jamesd at echeque.com
Fri Nov 1 22:27:16 EDT 2013


On Oct 30, 2013, "James A. Donald"
 > > No source of entropy can ever be harmful. The worst that can happen
 > > is that it is entirely predictable to the adversary, in which case
 > > it does little good, but can never do harm.

On 2013-10-31 07:00, Jerry Leichter wrote:
 >  Now suppose I inject j >> k bits of my own, controlled data,
 > declaring that it represents j bits of entropy - all the while
 > continuing to draw j bits out.

You have to have root access to declare your entropy represents j bits.

If the adversary has root access, game over.  We have to assume that OS 
writers and system owners are the people we are trying to protect, not 
the people who are attacking.

The NSA rule is not intended to exclude adversaries, but rather intended 
to exclude operating system writers who are non-NSA.

It is intended to prohibit non-NSA sources of entropy.

Thus it makes sense only from the point of view that the NSA wants to 
get the upper hand over the person who owns the computer.
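The root-only credit path the reply refers to, as an added example that is not part of the original post or the thread it quotes. On Linux, any user who can open /dev/random may write() bytes into the pool, but the kernel mixes them with zero entropy credit; declaring that the bytes "represent j bits of entropy" is the RNDADDENTROPY ioctl, which the kernel accepts only from a caller holding CAP_SYS_ADMIN (root, in the post's terms). The function names, the 0x41 fill bytes and the 256-bit claim are this example's own constructions; the struct, ioctls and the capability check are the kernel's. Run as an ordinary user it prints EPERM; run as root it really does credit 256 bits for a constant buffer, which is exactly the injection the quoted message describes, so do not run it as root on a machine whose RNG you care about.

```c
/* Added example (not from the original post): contrast the unprivileged
 * write() path (mix, no credit) with RNDADDENTROPY (mix and credit), which
 * the Linux kernel only honours for CAP_SYS_ADMIN. Linux only.
 * Build: cc -o credit credit.c
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>

/* Outcome of credit_entropy(); names are this example's own. */
enum credit_result {
    CREDIT_OK = 0,        /* ioctl accepted: caller holds CAP_SYS_ADMIN */
    CREDIT_EPERM = 1,     /* kernel refused: caller is unprivileged */
    CREDIT_NO_DEVICE = 2, /* /dev/random could not be opened */
    CREDIT_OTHER = 3      /* some other failure; *err holds errno */
};

/* Mix `len` bytes into the pool via write(2). Any user may do this and the
 * kernel credits no entropy for it. Returns 0 on success, -1 with *err set. */
int mix_uncredited(const unsigned char *buf, size_t len, int *err) {
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0) { *err = errno; return -1; }
    ssize_t n = write(fd, buf, len);
    *err = (n < 0) ? errno : 0;
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* Mix `len` bytes AND declare that they carry `bits` bits of entropy.
 * The kernel checks CAP_SYS_ADMIN before touching the pool. */
enum credit_result credit_entropy(const unsigned char *buf, size_t len,
                                  int bits, int *err) {
    /* struct rand_pool_info ends in a flexible __u32 buf[]; size it for len bytes. */
    struct rand_pool_info *rpi = malloc(sizeof(*rpi) + len);
    if (!rpi) { *err = ENOMEM; return CREDIT_OTHER; }
    rpi->entropy_count = bits;   /* the "j bits" being declared */
    rpi->buf_size = (int)len;    /* in bytes */
    memcpy(rpi->buf, buf, len);

    int fd = open("/dev/random", O_RDWR);
    if (fd < 0) { *err = errno; free(rpi); return CREDIT_NO_DEVICE; }

    int rc = ioctl(fd, RNDADDENTROPY, rpi);
    *err = (rc < 0) ? errno : 0;
    close(fd);
    free(rpi);
    if (rc == 0) return CREDIT_OK;
    return (*err == EPERM) ? CREDIT_EPERM : CREDIT_OTHER;
}

/* Kernel's current entropy estimate in bits; readable without privilege.
 * Returns -1 if unavailable. */
int entropy_count(void) {
    int fd = open("/dev/random", O_RDONLY);
    if (fd < 0) return -1;
    int cnt = -1;
    if (ioctl(fd, RNDGETENTCNT, &cnt) < 0) cnt = -1;
    close(fd);
    return cnt;
}

int main(void) {
    /* Constructed, fully attacker-controlled bytes: the "j bits of my own,
     * controlled data" from the quoted message. */
    unsigned char controlled[32];
    memset(controlled, 0x41, sizeof controlled);
    int err;

    printf("entropy estimate before: %d bits\n", entropy_count());
    if (mix_uncredited(controlled, sizeof controlled, &err) == 0)
        printf("write(): mixed 32 bytes, credited nothing (any user may do this)\n");
    else
        printf("write() failed: %s\n", strerror(err));

    switch (credit_entropy(controlled, sizeof controlled, 256, &err)) {
    case CREDIT_OK:
        printf("RNDADDENTROPY: credited 256 bits for 32 bytes of 0x41 -- "
               "only possible with CAP_SYS_ADMIN\n"); break;
    case CREDIT_EPERM:
        printf("RNDADDENTROPY: EPERM -- unprivileged callers cannot declare entropy\n"); break;
    case CREDIT_NO_DEVICE:
        printf("cannot open /dev/random: %s\n", strerror(err)); break;
    default:
        printf("RNDADDENTROPY failed: %s\n", strerror(err)); break;
    }
    printf("entropy estimate after: %d bits\n", entropy_count());
    return 0;
}
```

The asymmetry is the whole of the post's point: the kernel trusts nobody's entropy claim below CAP_SYS_ADMIN, so an adversary able to make the claim already owns the machine, and an uncredited write() from anyone else cannot reduce the pool's entropy, only fail to add to it.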

