[Cryptography] cheap sources of entropy

ianG iang at iang.org
Fri Jan 31 02:53:47 EST 2014


On 30/01/14 01:34 AM, John Denker wrote:

> On 01/28/2014 03:17 PM, James A. Donald wrote:
>> Use many, many different entropy sources, even ones that are known to
>> suck.
> 
> Anybody who believes that argument must think quadruple-rot13 is 
> a good cipher.


No, it is more like, people do not know if 4rot13 is good nor if Turbid
is good.  They hear noise.  But they are not scientists, and do not have
the time to sort through things.


> My point is:  Combining a bunch of sucky crypto primitives is *not* 
> a good practice.


Think of it like investing on the stock market.  Choosing good
investments is a risk business.  One can either become expert in stock
picking ... or one can invest-the-market.  Those who are trying the
former are fooling themselves that they can do better than the market,
those that are doing the latter are giving up on it.

It's turtles all the way down ... which is why things like the 'perfect
market hypothesis' that says inter alia that all knowledge is already
priced in are treated with both scorn and long-term respect.

Your context -- which we might not see as a problem -- is that in this
analogy, you are the company.  You know your stock pick is good because
you have the inside info.

Nobody else has that.  So they are left with a choice -- pretend to be a
stock picker, lean hard on diversification theory, or become an insider...

> One well-calibrated well-defended well-monitored entropy source
> makes incomparably more sense than an arbitrarily complicated
> conglomeration of sucky sources.


Well, (a) that's an opinion, and (b) it makes incomparably more sense
until it doesn't.  The problem with the one true source that a
purchasing manager has is that it's one and true until it isn't, and
there is no way to get around that fact.  So when the supplier fails, he
does what he typically does, and starts purchasing elsewhere.


> To those who say calibration is hard:  Yeah, a lot of things in
> cryptography are hard.  We're supposed to be grown-ups here.  We
> don't just give up when we see something that requires a bit of
> work.


Agreed.  But the purchasing manager will give up in seconds.  That's
unavoidable.


> If you want us to use the thermostat A/D that's fine ... provided
> you tell us how to calibrate it.
> 
> To those who say different platforms will have different entropy
> sources:  Yeah, they also have different graphics hardware,
> different networking hardware, different disk hardware, et cetera.
> We deal with that by loading the appropriate drivers.


Not sure I know how to load an appropriate driver on my android.  And
I'm pretty sure as a marketing droid that the old story of downloading
drivers is a dead duck.  In today's world, you get the platform and it
either works or it doesn't.  You don't download drivers, you get another
platform.  Attention cycles are short, and dealing with hard things like
crypto just causes eyeballs to roll.  "Oh no, not that 1990s crypto
nonsense again..."





iang

