[Cryptography] RNG exploits are stealthy

Jerry Leichter leichter at lrw.com
Fri Feb 21 06:45:57 EST 2014

On Feb 21, 2014, at 5:35 AM, Peter Gutmann wrote:
>> This general phenomenon seems to me to be the strongest argument against
>> using general purpose stuff that's lying around in your computer as an
>> entropy source.  You can do this, analyze it, and get a secure system today,
>> and over time, things can change that will be pretty much invisible to your
>> software, but that will completely destroy your security.
> Conversely, advances over time can make your security better rather than
> worse.  For example my entropy-polling code, when it was first written, was
> limited to checking a few truly physical-randomness sources, generally timing
> jitter on network packets and the like (alongside a great mass of generally-
> unpredictable events related to the running of the OS).  Now it checks things
> like fan speeds, GPU core temps, SATA error rates, CPU core voltage
> variations, and a whole smorgasbord of other physical measurements that would
> have been impossible to get when the code was first written.  The whole thing
> is getting better over time as support for monitoring of more and more system
> parameters is added.  So while in some cases we may be moving backwards, in
> others we're moving quite a bit forwards.
Different argument.  Your code is getting better *because you're improving it* by incorporating new sources.  Had you simply left the code alone to forever depend on the sources you started with, it might get better or worse, but silently, and without you ever knowing.

"The price of randomness is eternal vigilance".  :-)

                                                        -- Jerry

More information about the cryptography mailing list