[Cryptography] Unified resource on Random Number Generation

Ben Laurie ben at links.org
Sun Feb 16 06:14:47 EST 2014


On 14 February 2014 22:31, Arnold Reinhold <agr at me.com> wrote:
> On Tue, 11 Feb 2014 17:58:36 -0500 Sandy Harris asked:
>
> On Fri, Jan 31, 2014 at 1:39 PM, Arnold Reinhold <agr at me.com> wrote:
>
> Is there any interest in developing a unified resource on RNG for
> Cryptography
>
>
> Doesn't RFC 4086 already cover that ground?
> http://tools.ietf.org/search/rfc4086
>
> that summarizes the various viewpoints expressed here recently? It wouldn't
> have to resolve debates like general purpose computer vs engineered crypto
> hardware, or one good entropy source vs hash together everything, but
> instead present the arguments and engineering trade-offs involved. As I
> envision it, it would also summarize and point to existing standards and
> implementations where they exist.
>
>
> There has been some discussion on one of the lists of a revision of
> that RFC. Anyone with a contribution to make might contact the authors
> or find the appropriate IETF list and comment there.
>
>
> I view RFC 4086 as from a different era, when we were mostly talking about
> PC type systems, with hard drives, sound cards, etc. Some topics that have
> come up here that I couldn't find covered in a quick scan of the RFC
> include:
>
> Different threat/trust models
> State actors as a threat (Snowden, etc)
> How to audit RNGs
> Internet of things and diskless nodes
> Virtualization
> Certification issues as a drag (FIPS-140, e.g.)
> Seed once vs periodic refresh vs TRNG for everything
> Risks of combining multiple entropy sources (Bernstein & responses)
> CPU TRNGs, in particular Intel's RDrand
> The Dual_EC_RNG issue
> Yarrow, Fortuna
> Inexpensive entropy sources e.g. accelerometer chips
> Characterizing video cameras
> Hard entropy characterization vs lower bounds
> Design reviews
> Documentation issues (e.g. what should a man page include)
>
> Updating the RFC would be welcome of course, but I'm thinking of something a
> little less formal as a starting point, maybe a Wiki, to find consensus and
> clarify points of disagreement.

What's the point of having consensus on speculation?

I'd welcome something evidence-based, though.
