[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

John Kelsey crypto.jmk at gmail.com
Fri Oct 25 08:12:00 EDT 2013


This gets back to the threat model discussion.  If your attacker is watching you from the outside as you generate your key, then interacting with stuff over the local net won't help you much.  (You may get a bit or two of entropy from the attacker not being able to know exactly which clock-tick you were on when the interrupt was serviced, but not much.)  If he's not watching you then, you can rule out a whole category of attackers.

Similarly, if you have some secret value that's available to any program on your machine, an attacker who can get onto your machine later can learn that.  But one who can't is just not able to guess your prng starting state.  

What else can be done to rule out classes of attacker up front?  

--John


More information about the cryptography mailing list