[Cryptography] Random numbers only once
Krisztián Pintér
pinterkr at gmail.com
Wed Feb 5 15:20:18 EST 2014
Watson Ladd (at Tuesday, February 4, 2014, 6:12:55 AM):
> As DJB pointed out on another listhost, one only needs 256 random bits
> once, and can then use a PRF to generate an indefinite number forever.
apparently, he says much more than that. today on his brand new blog:
http://blog.cr.yp.to/20140205-entropy.html
tl;dr:
he argues that if we have a malicious source of entropy, and it can
access the other sources' raw data, it can manipulate the output of
the rng, and thus influence generated keys and nonces to some
(admittadly small) degree.
two dangers:
1, some schemes rely on perfect random nonces. cooked nonce is a
break.
2, it can use randomness to communicate information to the outside
world. a driver or the CPU might have hard time phoning home. putting
bits in public keys and public nonces might open a channel.
More information about the cryptography
mailing list