[Cryptography] who cares about actual randomness?
Joachim Strömbergson
Joachim at Strombergson.com
Fri Feb 7 05:36:01 EST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
John Denker wrote:
> Secondly, redundancy is not a virtue unto itself. Reliability is a
> virtue, but multiplicity by itself is neither necessary nor
> sufficient for reliability. For clarification on this point, see
> http://www.av8n.com/computer/htm/secure-random.htm#sec-multi-hwrng
> http://www.av8n.com/computer/htm/secure-random.htm#sec-multi-reliability
The
>
issue is not if the entropy sources fails and thus the reliability
from random breakdown, The issue is if they have really good, pretty
good or half crappy quality. And if the reduction in quality for a given
source can be caused by an attacker - locally or remotely.
Having multiple and different sources makes it harder for an attacker to
reduce the quality of the overall collected entropy because it requires
the attacker to use several methods of manipulation at the same time.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJS9LcQAAoJEF3cfFQkIuyNpzsP/3WSTEK44k3GTPfW3ajP3oKr
RmaQLqpluygtf17qsWHBCNxct9xhimnVLuE4dg/tBKPLZjMuszsy/hqat3j+QjHO
MDucdL7y4t/KD2cFvmM/qikJNF51o1SeD679QIqEFt5F1QnM0IWJVnhovEkJ4OY+
GxnG1SPuShLECtds2bS5bMDD5AlWX6chRe0qBFXiTpgrTC6OGguxoEQlAVmM9a5p
lFRiclw4tMXtHVgZbxzRdHKsBWW2hFtqQULhOvxQQsH73vGz+U/UKrTOqHLCclBx
o616swPBIQB7quRgbF843FjYYEZcdPBnRE8pc7366ssLYroSVpULmrNg9Eg1MK6H
veU+So3M9j0y0zD8h+4JXYOpgtPpQ73u3Hj6TUWJwseqImh8gotQWaF8Xo1ee5IE
1caC6Z2YjwtjPPa+umsfKpzeRSGfYzBKyVJSrtYMUtBf7RQo95php4tGe5yUA6Qz
V8c8LmCDTwdsYshx7QjHWCcsqUq8zvmUtkYk6GW3iLSNNo+AgBNW3SZa6KI2EUbH
b3DqTCw97GiAp8wlEekXp3mY6QR2pgf/OR8iK3sJjJjfd41dU5g11EtBb7R9ugUt
b9423UWbqleoL3K3I3bpV1dC/9cqPRVf6vmAwc1RLLpDbtWgrSnD+ja63YEKw1gj
K8fA0giRSg6KjUcDNdmZ
=mJld
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list