[Cryptography] [RNG] /dev/random initialisation

ianG iang at iang.org
Thu Oct 31 05:20:43 EDT 2013


On 30/10/13 21:09 PM, Jerry Leichter wrote:
> On Oct 30, 2013, at 8:29 AM, ianG <iang at iang.org> wrote:
>> Do we see a multi-phase approach here?
>>
>> 1.  Limit the sources to FIPS-authenticated inputs.
>> 2.  Limit the number of sources that can be used.
>> 3.  Do a deal with all major suppliers of FIPS-authenticated inputs.
>> 4.  Profit.
>>
>> This is looking like the same multi-pronged strategy that sunk DRBG_EC.
> Maybe.  Or maybe we just see a misapplied reasonable principle that any input that could affect sensitive data must be authenticated.


Every intervention will be reasonable in isolation.  Only in full will
the real goal become apparent, and chances are we will never know the
full story.  They are after all the experts at secrets.  We are not.  We
will never ever be brought into the real story; we can only triangulate
from their mistakes.


> "Never attribute to malice what can be explained by incompetence."  One of the really bad things about the NSA's apparent attempts to subvert crypto is that it leads you to question this assertion.  We just have no way of knowing.


Absolutely.  In a benign statistical world, this is an important 
aphorism, and our experiences reinforce this.  The wiser we get, the 
more we battle with incompetence.

But in a machiavellian world, I turn to things like 48LoP or the 
sabotage manual.

http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabotage.html


This latter is so useful that I present it to any board I work with;  it 
tells them they are the enemy, pogo-like.  The business about 
intervention doesn't have to be true, and this is still a useful 
reminder of how they can stuff it up all by themselves.



iang

>                                                          -- Jerry
>


PS: Or spy novels; the famous authors all get their material from ...
somewhere.

http://www.nytimes.com/2013/02/03/magazine/gerard-de-villiers-the-spy-novelist-who-knows-too-much.html?pagewanted=all&_r=0

