[Cryptography] RNG exploits are stealthy
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Feb 21 07:25:50 EST 2014
Jerry Leichter <leichter at lrw.com> writes:
>Your code is getting better *because you're improving it* by incorporating
>new sources. Had you simply left the code alone to forever depend on the
>sources you started with, it might get better or worse, but silently, and
>without you ever knowing.
Not really. The means of collecting environmental data just returns a memory
blob of whatever's available on the system. One day/month/year it might be 5K
of data, the next it could be 20K as more hardware-monitoring sources are
supported by system hardware and software. So it is silently getting better,
but not because of any changes in my code (once the initial get-environment-
noise code has been written).
Peter.
More information about the cryptography
mailing list