[Cryptography] cheap sources of entropy
Bear
bear at sonic.net
Thu Feb 6 22:34:43 EST 2014
> My point is: Combining a bunch of sucky crypto primitives is *not*
> a good practice.
That is true, but a source of random bits is not very much like
a cryptographic primitive. A source of "random" bits has value if
there is *any* subset of attackers to whom its output is unknown
and unpredictable.
> One well-calibrated well-defended well-monitored entropy source
> makes incomparably more sense than an arbitrarily complicated
> conglomeration of sucky sources.
I would be scared to death of using anything marketed as a "well-
calibrated well-defended well-monitored entropy source" -- and
nothing else -- because such sources and the organizations that
produce them are single points of failure. Also, they are high-
value targets and it is known that adversaries both national and
criminal, both foreign and domestic, routinely attack the
manufacturers of high-value targets with tactics including but
not limited to court orders, gag orders, blackmail, extortion,
bribery of plant workers, covert die alterations, etc.
By all means, put the darn thing in my system. There will be
a lot of attackers whom its output is not known to, so it'll
positively help. But I'm also going to be using the sound
card, camera, hard drive delays, A/D converter noise, thermal
noise, local wi-fi static, keyboard and mouse timing, USB power
loads, and everything else I can think of along with it, because
however limited they are compared to what the device you
advocate *is purported* to be, there will be other attackers
whom those outputs are not known to. The objective is to have
at least one source in the system that is unknown to every
attacker.
It doesn't have to be the same source in each case; any one will
do. If the guy who can monitor local wi-fi static is not the
same guy who can monitor the local audio environment AND predict
a potentially pwned hardware RNG, I win even if all three sources
can be monitored or predicted.
Bear
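As an added example (not part of Bear's post), the Python below shows the combining rule the argument relies on: readings from several sources are hashed together with labels and length prefixes, so an attacker who knows every reading but one still has to guess that one, and recovering the seed costs exactly the entropy of the source that attacker cannot see. The source names and readings are constructed for the example.

```python
import hashlib

# Constructed sample readings standing in for the sources the post lists
# (hardware RNG, sound card, wi-fi static, keyboard timing). All values
# here are made up for the example.
SAMPLE_SOURCES = {
    "hwrng": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "audio": b"\x13\x37\x42\x99" * 4,
    "wifi": b"\x00\xff\x0f\xf0\x55\xaa",
    "keyboard": (0xBEEF).to_bytes(2, "big"),  # small on purpose: 16 bits of timing
}


def mix_sources(sources):
    """Hash labelled, length-prefixed readings into one 32-byte seed.

    Every reading is bound to its source name and its own length, so one
    source cannot impersonate another or shift bytes into its neighbour.
    Because SHA-256 is one-way, an attacker who knows all readings but one
    cannot derive the seed without guessing the missing reading; this is
    the property the post relies on (one source unknown to a given
    attacker is enough). Unlike a plain XOR of the readings, a malicious
    source that sees the others first cannot cancel their contribution.
    """
    h = hashlib.sha256()
    for name in sorted(sources):  # fixed order so the same set gives the same seed
        label = name.encode("utf-8")
        reading = sources[name]
        h.update(len(label).to_bytes(2, "big") + label)
        h.update(len(reading).to_bytes(4, "big") + reading)
    return h.digest()


def recover_unknown(seed, known, unknown_name, width):
    """Attacker's view: every source except `unknown_name` is known and the
    unknown reading is `width` bytes. Enumerate it and return (reading,
    hashes_tried). Work is at most 2**(8*width), the entropy of the one
    source the attacker cannot see, so the seed is exactly as strong as
    that source against this attacker."""
    tried = 0
    for candidate in range(256 ** width):
        tried += 1
        guess = dict(known)
        guess[unknown_name] = candidate.to_bytes(width, "big")
        if mix_sources(guess) == seed:
            return guess[unknown_name], tried
    return None, tried


if __name__ == "__main__":
    seed = mix_sources(SAMPLE_SOURCES)
    known = {k: v for k, v in SAMPLE_SOURCES.items() if k != "keyboard"}
    print(recover_unknown(seed, known, "keyboard", 2))
```

With only the 16-bit keyboard reading hidden the seed falls in under 65536 hashes; hide a 16-byte reading instead and the same loop becomes infeasible, which is the whole point of having at least one source each attacker cannot see.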