[Cryptography] /dev/random is not robust

Alan Braggins alan.braggins at gmail.com
Sun Nov 3 17:27:01 EST 2013


On 24 October 2013 16:16, Phillip Hallam-Baker <hallam at gmail.com> wrote:
>> I think the more worrying case is a freshly imaged rack mount server,
>> immediately generating keys or outputting random numbers to the network or
>> in response to network queries.
>
> +1
>
> And I have not seen any proposal that is really going to solve this
> particular problem in the thread since.
>
> If I was asked three months ago my position would be 'generate the keys on
> the device that is going to use them and they never leave unless it is a
> really constrained device like a credit card.'
>
> I have completely changed my mind on this. I now think public keys should be
> generated in a device adapted for that purpose and migrated out using some
> form of secure protocol that ensures only the intended device can use them.

Given that we're assuming the device can't reliably generate a secure key pair,
and assuming that it doesn't already have a secret specific to the device, what
protocols would be suitable for doing that?

(And if we can ask a device to generate keys and securely migrate them to us,
we can ask it to generate some random seed material that isn't visible to an
attacker, which solves the problem of local generation.)

-- 
alan.braggins at gmail.com
http://www.chiark.greenend.org.uk/~armb/
