[Cryptography] What's a Plausible Attack On Random Number Generation?

Jerry Leichter leichter at lrw.com
Thu Oct 31 15:15:43 EDT 2013


On Oct 31, 2013, at 2:53 PM, Hannes Frederic Sowa <hannes at stressinduktion.org> wrote:
> Are we talking about real world operating systems?
No.  As you say, they already come with their own random sources, and everyone argues about how good they are.  So I'm positing a system modified to use a particular RNG approach that "everyone knows" doesn't work, and then asking "OK, we all believe this isn't good enough - can we construct a plausible attack?"

> So only depending on the network to gather entropy from the network
> does not sound that good
Yes, but can we construct a plausible attack?

> (given you only used static data to initialize
> the entropy pool). I guess you need a bootstrap procedure for the DC to
> make sure the application on the first machine powered on does not have
> weaker random keys.
For the first ten machines I bring up - just after the company founding party - I and my partners toss coins to provide the seed entropy.  Or for a more spectacular send-off, we go to the bank, get a pile of a hundred or so bills in multiple currencies, pull a couple per system out of a hat, enter their serial numbers as the seeds, then burn all the bills and stir the ashes.  :-)
(And then go to jail for destroying US currency?)

After that, everything proceeds as I outlined.
                                                        -- Jerry
