[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

John Kelsey crypto.jmk at gmail.com
Fri Oct 25 08:15:57 EDT 2013


On Oct 24, 2013, at 12:55 PM, Jerry Leichter <leichter at lrw.com> wrote:

> As long as you're at it, ask a whole bunch of hosts, close and far, for 256 random bits from their own generators.  If even a single one of the responses slips by an attacker, he's lost.
> 
> This is a process you can repeat periodically - and certainly at each boot - except that after the first time, you can use secure connections, with the best security you are able to set up with each particular host.  An attacker then would have to be able to not just see all the responses but also decrypt them.

I like this idea.  If my PRNG is in a secure state, I can give out random numbers to anyone who asks.  At first startup, it won't be possible to establish a secure connection yet (no entropy), but by asking some hosts for a random number, we ensure that if those messages aren't recorded, the attacker can't possibly guess our PRNG starting state.  

> -- Jerry

--John
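The bootstrap Jerry proposes and John endorses, as an added example that is not code from either author: each host's 256-bit reply is folded into the PRNG state with HMAC-SHA256 keyed by the previous state, and an attacker who recorded every reply but one is modelled explicitly. Host names and replies are constructed locally with os.urandom so the example runs offline; a real deployment would fetch them over the network.

```python
import hashlib
import hmac
import os
from typing import Sequence

Response = tuple[str, bytes]  # (host name, its 256-bit reply)

def collect_remote_bits(hosts: Sequence[str]) -> list[Response]:
    """Constructed stand-in for asking each host for 256 random bits.
    Real code would fetch these over the network; os.urandom keeps it offline."""
    return [(h, os.urandom(32)) for h in hosts]

def mix_responses(state: bytes, responses: Sequence[Response]) -> bytes:
    """Fold every host's reply into the PRNG state: HMAC-SHA256 keyed by the
    old state over an unambiguous transcript of all replies.

    The new state is a one-way function of the old state AND every reply, so
    an attacker who recorded all but one reply still faces 256 unknown bits.
    Calling this again later (the periodic repeat) re-keys the state."""
    mac = hmac.new(state, digestmod=hashlib.sha256)
    mac.update(b"rng-bootstrap-v1")  # domain separation label (constructed)
    for host, bits in responses:
        if len(bits) != 32:
            raise ValueError(f"{host}: expected 32 bytes, got {len(bits)}")
        name = host.encode()
        mac.update(len(name).to_bytes(2, "big") + name)  # length-prefixed name
        mac.update(bits)
    return mac.digest()

def attacker_view(state: bytes, responses: Sequence[Response],
                  missed: str, guess: bytes) -> bytes:
    """What an attacker who knows the (weak) initial state and recorded every
    reply except `missed` can compute, substituting `guess` for that reply."""
    seen = [(h, guess if h == missed else b) for h, b in responses]
    return mix_responses(state, seen)

if __name__ == "__main__":
    weak_initial = b"\x00" * 32  # first boot: assume no local entropy at all
    replies = collect_remote_bits(["alpha.example", "beta.example", "gamma.example"])
    real = mix_responses(weak_initial, replies)
    guessed = attacker_view(weak_initial, replies, "beta.example", b"\x00" * 32)
    print("attacker matched seed:", real == guessed)  # False unless the guess was right
```

The first-boot replies travel in the clear, so the guarantee holds only against an attacker who missed at least one of them; later rounds over the secured connections Jerry mentions raise that bar.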

