[Cryptography] cheap sources of entropy

[Bill Frantz]

On 1/20/14 at 9:13 AM, crypto.jmk at gmail.com (John Kelsey) wrote:

>The problem is, nobody makes *everything* they use.  A 
>sufficiently resourceful attacker might attack your device on 
>all kinds of levels, and you can't possibly check them all 
>yourself.  This has even been worked out by people with s lot 
>of resources--classified systems apparently use a lot of off 
>the shelf components now, for economic reasons.  The folks who 
>run those systems would love to be paranoid enough to verify 
>everything in their system, but they can't--it would cost too much.

Hmm, 12AX7s cost about $15 and burn a bunch of power. How many 
do I need to perform useful computation? Using the LGP-30 
computer as an example, not very many. In any case, there is 
probably a simple enough technology where concerns about back 
doors devolve into pure paranoia. Of course this approach 
doesn't scale to high performance, so we can't use it. :-)

>I spent some time running through this with e-voting...

Note that paper and human voting systems have been successfully 
attacked. My favorite attack occurred in Chicago in the mid-20th 
century. Ballot counters from one party glued pencil leads under 
their fingernails. When they counted a ballot for the "wrong" 
candidate, they marked an X for the correct candidate as well, 
thereby invalidating the ballot.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        |Security, like correctness, is| Periwinkle
(408)356-8506      |not an add-on feature. - Attr-| 16345 
Englewood Ave
www.pwpconsult.com |ibuted to Andrew Tanenbaum    | Los Gatos, 
CA 95032