[Cryptography] [RNG] on RNGs, VM state, rollback, etc.
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Oct 22 23:00:01 EDT 2013
Peter Todd <pete at petertodd.org> writes:
>On Mon, Oct 21, 2013 at 09:17:00PM -0700, Watson Ladd wrote:
>> > Suppose the RNG hashes in a MAC address. Immediately, the attacker has a
>> > worse life--now with the same amount of entropy, he must do a new 2^{40}
>> > search each time he encounters a new device with a public key. It's like
>> > a salted password hash.
>> And with a wire that costs 25 cents connecting the wallwart to the
>> interrupt pin we've got 60 Hz (50 in Europe) uncorrelated to our local
>> clock. Measure the drift, and in 5 seconds we are done collecting 250
>> bits of entropy (one bit per interrupt).
>
>That wire costs 25 cents; installing it costs orders of magnitude more than
>that.
Well, you can get easy-to-install interfaces like this one:
http://goo.gl/9AW9Ph
that anyone can plug in in a few seconds, but it's a bit of a one-shot affair
in terms of sampling the 50Hz signal.
Peter.
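
The quoted point about hashing a MAC address into the RNG can be checked with a small model. This is an added example, not code from anyone in the thread. It assumes SHA-256 as a stand-in for key generation, a 12-bit seed space in place of the 2^{40} one, and a constructed fleet of eight devices with made-up MACs and seeds. It counts how many device keys one pass over the seed space accounts for, with and without the MAC mixed in.

```python
import hashlib

SEED_BITS = 12  # constructed: small stand-in for the 2^40 search in the thread

def derive_key(seed: int, mac: bytes = b"") -> bytes:
    """Key material from a low-entropy seed; the MAC, if given, acts as a salt."""
    return hashlib.sha256(seed.to_bytes(8, "big") + mac).digest()

def build_table(mac: bytes = b"") -> set:
    """One full pass over the seed space for a given MAC (empty = no MAC mixed in)."""
    return {derive_key(s, mac) for s in range(1 << SEED_BITS)}

def covered(table: set, keys: list) -> int:
    """Number of device keys that a single pass over the seed space explains."""
    return sum(k in table for k in keys)

# Constructed fleet of 8 devices: locally administered MACs, made-up weak seeds.
FLEET = [(bytes.fromhex("02000000000%x" % i), (i * 977 + 5) % (1 << SEED_BITS))
         for i in range(1, 9)]

def fleet_keys(use_mac: bool) -> list:
    """Keys the fleet would expose, with or without the MAC hashed into the seed."""
    return [derive_key(seed, mac if use_mac else b"") for mac, seed in FLEET]

def summary() -> dict:
    first_mac = FLEET[0][0]
    return {
        # No MAC: a single pass covers every device at once.
        "no_mac_one_pass": covered(build_table(), fleet_keys(False)),
        # MAC mixed in: a pass computed without the MAC covers nothing.
        "mac_generic_pass": covered(build_table(), fleet_keys(True)),
        # MAC mixed in: a pass computed for one device's MAC covers only that device.
        "mac_pass_for_one_device": covered(build_table(first_mac), fleet_keys(True)),
    }

if __name__ == "__main__":
    for name, n in summary().items():
        print(f"{name}: {n} of {len(FLEET)} device keys covered")
```

The MAC adds no entropy, so each device's seed is exactly as weak as before; what changes is that the search cost is paid once per device instead of once for the whole fleet.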