[Cryptography] What's a Plausible Attack On Random Number Generation?

Kent Borg kentborg at borg.org
Sun Nov 3 10:22:24 EST 2013


On 11/01/2013 10:21 AM, Jerry Leichter wrote:
> On Nov 1, 2013, at 7:04 AM, Yaron Sheffer <yaronf.ietf at gmail.com> wrote:
>> It sounds like a quick addition to DHCP - an extension that gets you 256 bits from the server, would solve 99% of the problem we have with embedded devices. It will not be sufficient for high-security environments, because an attacker might be listening on the local LAN....
> Ahem.  This is *exactly* the kind of reasoning I started this thread to investigate.  (Though I certainly agree that a *single* DHCP packet containing a random bit string is easily attacked.)

I kind of like the idea of RNGs sharing data, if one is following the 
"more sources is safer"-approach, it seems it can't hurt. (Subliminal 
channel?? Other system consequences?)

But there is an irony here: aren't most of the DHCP servers out there 
little embedded NAT boxes running in homes? RNGs at risk for not having 
much entropy shortly after boot...

Just make sure you don't put all your eggs in any one entropy source...

-kb, the Kent who used to collect entropy samples from Linux machines he 
encountered, but who eventually lost interest, as he wasn't actually 
doing anything with this data, just hoarding it.
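As an added illustration of the "more sources is safer" point (my example, not code from anyone in this thread): a seed pool that mixes a LAN-visible DHCP seed with a local source, plus a check of how far a captured DHCP seed gets an attacker when the local source is small. All source labels, sizes and sample values are assumptions made up for the example.

```python
import hashlib
from itertools import product

# Added example, not code from the mailing-list post. Source labels,
# sizes and sample values below are assumptions made up for illustration.

def mix_sources(sources: dict) -> bytes:
    """Fold labelled entropy sources into one 256-bit seed.

    Each input is framed as len(label) || label || len(data) || data so
    that source boundaries are unambiguous; plain concatenation would let
    ("ab", "c") and ("a", "bc") collide into the same digest.
    """
    h = hashlib.sha256()
    for label in sorted(sources):          # fixed order: deterministic seed
        lab, data = label.encode(), sources[label]
        h.update(len(lab).to_bytes(2, "big") + lab)
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()

def recover_by_search(seed: bytes, known: dict, unknown_label: str,
                      unknown_len: int, budget: int):
    """Model an attacker who captured every source in `known` (e.g. the
    DHCP-delivered bits sniffed on the LAN) and enumerates the one source
    they did not see. Returns the number of trials on success, or None if
    `budget` trials were not enough."""
    for trials, cand in enumerate(product(range(256), repeat=unknown_len), 1):
        if trials > budget:
            return None
        if mix_sources(dict(known, **{unknown_label: bytes(cand)})) == seed:
            return trials
    return None

# Constructed sample values (not real captures).
DHCP_SEED = bytes(range(32))                # the 256 bits the sniffer saw
BOOT_COUNTER = (1234).to_bytes(2, "big")    # 16-bit local value after boot
LOCAL_32BIT = b"\x7f\x3a\xb2\x01"           # a slightly wider local source

def demo_weak_box():
    # Only local "entropy" besides DHCP is a 2-byte counter: recovered fast.
    seed = mix_sources({"dhcp": DHCP_SEED, "boot": BOOT_COUNTER})
    return recover_by_search(seed, {"dhcp": DHCP_SEED}, "boot", 2, 1 << 16)

def demo_wider_source():
    # Same captured DHCP bits, but the unseen source is 32 bits wide: the
    # search blows the budget (real local sources should be far wider).
    seed = mix_sources({"dhcp": DHCP_SEED, "local": LOCAL_32BIT})
    return recover_by_search(seed, {"dhcp": DHCP_SEED}, "local", 4, 100_000)
```

`demo_weak_box()` finds the seed after 1235 trials; `demo_wider_source()` returns None, showing that the captured DHCP bits alone do not help once a second, unseen source of reasonable size is folded in.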
