[Cryptography] SP800-90A B & C

Watson Ladd watsonbladd at gmail.com
Mon Nov 11 22:38:28 EST 2013


On Mon, Nov 11, 2013 at 3:23 PM, Bear <bear at sonic.net> wrote:
> On Mon, 2013-11-11 at 21:18 +0000, dj at deadhat.com wrote:
>
>> Part of my argument was that we can have both. The design must ensure that
>> if designed to the spec without manipulation, it will offer secure random
>> numbers.
>
> But if we have no way of verifying that it is designed to the spec
> without manipulation we have no way of verifying that any security
> exists.  I have a problem with that.
>
>> The spec can allow that users can mix in their own sources to
>> mitigate the issues that the former model raises.
>
> And it must.
>
> There absolutely must be a requirement for sources of entropy whose
> nature and functioning are verifiable.

Such as the clock skew between the CPU and wall power, or sampling the
Johnson noise in a resistor, or lots of other physical effects. If you
don't trust your CPU designer to add in a ring oscillator, add an
external one and use it. But why shouldn't the spec ask you to explain
why what you are doing is likely to get entropy into the system?
And if you don't like the spec, don't use it.

>
> Bear
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin

