[Cryptography] RNG exploits are stealthy

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Feb 21 05:35:19 EST 2014

John Kelsey <crypto.jmk at gmail.com> writes:

>This general phenomenon seems to me to be the strongest argument against
>using general purpose stuff that's lying around in your computer as an
>entropy source.  You can do this, analyze it, and get a secure system today,
>and over time, things can change that will be pretty much invisible to your
>software, but that will completely destroy your security.

Conversely, advances over time can make your security better rather than
worse.  For example my entropy-polling code, when it was first written, was
limited to checking a few truly physical-randomness sources, generally timing
jitter on network packets and the like (alongside a great mass of generally-
unpredictable events related to the running of the OS).  Now it checks things
like fan speeds, GPU core temps, SATA error rates, CPU core voltage
variations, and a whole smorgasbord of other physical measurements that would
have been impossible to get when the code was first written.  The whole thing
is getting better over time as support for monitoring of more and more system
parameters is added.  So while in some cases we may be moving backwards, in
others we're moving quite a bit forwards.


More information about the cryptography mailing list