[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Peter Saint-Andre stpeter at stpeter.im
Thu Oct 24 15:50:18 EDT 2013


On 10/24/13 10:55 AM, Jerry Leichter wrote:
> On Oct 24, 2013, at 10:59 AM, John Kelsey <crypto.jmk at gmail.com>
> wrote:
>> We seem to be seeing a move toward commonly-used CPUs including
>> hardware entropy sources.  With those, we're in a much better
>> position.  There's always the possibility that the entropy source
>> was cooked or flawed, but that's something you can engineer your
>> way around reasonably well.
>> 
>> Suppose you have a cryptographic PRNG that you initialize with a
>> seed like this:
>> 
>> a.  Get 256 bits of entropy from the OS.
>> b.  Get 256 bits of entropy from the hardware entropy source.
>> c.  Ping several hosts on the internet and measure the response time,
>>     and fold that into your seed.
>> d.  Fold your ethernet address, IP address, and serial number into
>>     the seed.
>> e.  Fold the installed-at-birth secret 128 bit value from your device
>>     into the seed.
> As long as you're at it, ask a whole bunch of hosts, close and far,
> for 256 random bits from their own generators.  If even a single
> one of the response slips by an attacker, he's lost.

By 'hosts' do you mean servers, or also endpoints? If the latter, I see
interesting possibilities for a "network of friends" system of the kind
Perry sketched out here a month or two ago.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
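The seeding recipe quoted above (steps a through e, plus Jerry's suggestion of collecting 256 random bits from other hosts) comes down to hash-combining independent contributions so that the seed stays unpredictable as long as any one of them is unknown to the attacker. The following is an added example, not code from anyone in the thread; the hardware-entropy value, ping timings, identifiers, device secret and peer replies are constructed stand-ins (only os.urandom is real entropy here), and the length-prefixed SHA-256 combiner is one reasonable choice, not the one the posters had in mind.

```python
import hashlib
import os
import struct
from typing import Iterable, Sequence


def fold_sources(sources: Iterable[bytes], label: bytes = b"cprng-seed-v1") -> bytes:
    """Combine independent contributions into one 256-bit seed.

    Each contribution is prefixed with its 4-byte big-endian length, so the
    boundaries between inputs are unambiguous: [b"ab", b"c"] and [b"a", b"bc"]
    must not fold to the same seed. Hashing the whole transcript means the
    result is unpredictable if at least one contribution is unpredictable,
    even when another source is weak or deliberately cooked.
    """
    h = hashlib.sha256(label)
    for chunk in sources:
        h.update(struct.pack(">I", len(chunk)))
        h.update(chunk)
    return h.digest()


def build_seed(os_entropy: bytes, hw_entropy: bytes, ping_ns: Sequence[int],
               identifiers: Sequence[bytes], device_secret: bytes,
               peer_bits: Sequence[bytes]) -> bytes:
    """Steps a to e from the thread, plus random bits from remote hosts."""
    contributions = [
        os_entropy,                                         # a. OS entropy
        hw_entropy,                                         # b. hardware source
        b"".join(struct.pack(">Q", t) for t in ping_ns),    # c. ping timings
        *identifiers,                                       # d. MAC, IP, serial
        device_secret,                                      # e. installed secret
        *peer_bits,                                         # peers' 256 bits each
    ]
    return fold_sources(contributions)


def demo_seed() -> bytes:
    """Constructed sample inputs; models a hardware source that returns zeros."""
    hw_entropy = bytes(32)                                  # cooked/flawed source
    ping_ns = [12_345_678, 9_876_543, 23_456_789]           # constructed timings
    identifiers = [bytes.fromhex("001122334455"),           # constructed MAC
                   b"192.0.2.10",                           # documentation IP
                   b"SN-EXAMPLE-0001"]                      # constructed serial
    device_secret = bytes(range(16))                        # constructed 128-bit secret
    peer_bits = [bytes([i]) * 32 for i in range(3)]         # constructed peer replies
    return build_seed(os.urandom(32), hw_entropy, ping_ns,
                      identifiers, device_secret, peer_bits)
```

Because the OS contribution is genuinely random, two calls to demo_seed() yield different seeds even though every other input is fixed and the hardware source contributed nothing.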

