[Cryptography] Unified resource on Random Number Generation
agr at me.com
Fri Feb 14 17:31:30 EST 2014
On Tue, 11 Feb 2014 17:58:36 -0500 Sandy Harris asked:
> On Fri, Jan 31, 2014 at 1:39 PM, Arnold Reinhold <agr at me.com> wrote:
>> Is there any interest in developing a unified resource on RNG for Cryptography
> Doesn't RFC 4086 already cover that ground?
>> that summarizes the various viewpoints expressed here recently? It wouldn't have to resolve debates like general purpose computer vs engineered crypto hardware, or one good entropy source vs hash together everything, but instead present the arguments and engineering trade offs involved. As I envision it, it would also summarize and point to existing standards and implementations where they exist.
> There has been some discussion on one of the lists of a revision of
> that RFC. Anyone with a contribution to make might contact the authors
> or find the appropriate IETF list and comment there.
I view RFC 4086 as from an different era, when we were mostly talking about PC type systems, with hard drives, sound cards, etc. Some topics that have come up here that I couldn't find covered in a quick scan of the RFC include:
Different threat/trust models
State actors as a threat (Snowden, etc)
How to audit RNGs
Internet of things and diskless nodes
Certification issues as a drag (FIPS-140, e.g.)
Seed once vs periodic refresh vs TRNG for everything
Risks of combining multiple entropy sources (Bernstein & responses)
CPU TRNGs, in particular Intel's RDrand
The Dual_EC_RNG issue
Inexpensive entropy sources e.g. accelerometer chips
Characterizing video cameras
Hard entropy characterization vs lower bounds
Documentation issues (e.g. what should a man page include)
Updating the RFC would be welcome of course, but I'm thinking of something a little less formal as a starting point, maybe a Wiki, to find consensus and clarify points of disagreements.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography