[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Tony Naggs tonynaggs at gmail.com
Wed Oct 23 17:01:55 EDT 2013


On 22 October 2013 05:17, Watson Ladd <watsonbladd at gmail.com> wrote:
>
> And with a wire that costs 25 cents connecting the wallwart to the
> interrupt pin we've got 60 Hz (50 in Europe) uncorrelated to our local
> clock. Measure the drift, and in 5 seconds we are done collecting 250
> bits of entropy (one bit per interrupt).

I think you are overestimating how much real entropy you will collect this
way.

> 2^40 is not a lot for your colleagues in Fort Meade. Imagine this is host
> key generation on hosts on large, important, networks. Piddling with
> the MAC key won't keep out anyone who seriously wants to get in.

If the adversaries you are concerned about are moderately resourced
they could be able to model this entropy source.

There are a relatively small number of CPU clock frequencies in wide
use and variations on mains frequency are easily discoverable by others,
e.g. other servers at your co-lo. Also, at least in the UK, there are public
records of these variations, such as:
http://www.nationalgrid.com/uk/Electricity/Data/Realtime/Frequency/

