[Cryptography] RNG exploits are stealthy

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Feb 21 07:25:50 EST 2014

Jerry Leichter <leichter at lrw.com> writes:

>Your code is getting better *because you're improving it* by incorporating
>new sources.  Had you simply left the code alone to forever depend on the
>sources you started with, it might get better or worse, but silently, and
>without you ever knowing.

Not really.  The means of collecting environmental data just returns a memory
blob of whatever's available on the system.  One day/month/year it might be 5K
of data, the next it could be 20K as more hardware-monitoring sources are
supported by system hardware and software.  So it is silently getting better,
but not because of any changes in my code (once the initial get-environment-
noise code has been written).


More information about the cryptography mailing list