[Cryptography] In search of random numbers

Hanno Böck hanno at hboeck.de
Fri Oct 24 04:49:08 EDT 2014


On Thu, 23 Oct 2014 17:09:54 -0700, Tom Mitchell <mitch at niftyegg.com> wrote:

> On Thu, Oct 23, 2014 at 4:30 AM, Hanno Böck <hanno at hboeck.de> wrote:
> 
> > The tough part is "early-boot-time-entropy" - where do you get your
> > entropy if you don't have any filesystems and network access
> > initialized yet?
> >
> 
> What "early" needs are there for entropy?

Networking, stack canaries of the first processes, etc.
I recently saw a talk at Black Hat EU about it; this seems to be the
background paper:
https://www.usenix.org/system/files/conference/woot14/woot14-kaplan.pdf

Interesting stuff.

> Most devices will have a little or a lot of persistent
> memory that can be used to save an entropy rich
> seed saved from "last time" the system was live.

The other issue you'll have is "first time boot". Then you don't have
any entropy from previous boots. See the RSA key issue Nadia
Heninger and others found a couple of years ago:
https://factorable.net/paper.html

> The internet of things... are a challenge.  Refrigerators and
> TV are expected to be resource starved...  but other systems
> seem to have engineering options.

It's not just IoT. The RSA attack shows that there are very real
problems with embedded devices on the market today.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
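An added example, not part of the thread: the batch GCD check used in the factorable.net work, run over moduli from a constructed model of a device that draws its first RSA prime before any entropy exists and its second only after some arrives. The seeding scheme, the 32-bit primes and the three "devices" are constructed for illustration and are not real device keys.

```python
import random
from math import gcd

def is_prime(n):
    """Deterministic Miller-Rabin for odd n with 17 < n < 3.4e14."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(rng):
    while True:  # 32-bit prime from rng, a stand-in for real key generation
        c = rng.getrandbits(32) | (1 << 31) | 1
        if is_prime(c):
            return c

def weak_keygen(boot_seed, late_entropy):
    """Constructed model of the factorable.net failure: p is drawn before
    any entropy is gathered, q only after some arrives (e.g. from the NIC)."""
    rng = random.Random(boot_seed)
    p = next_prime(rng)
    rng.seed(boot_seed * 10**6 + late_entropy)
    return p * next_prime(rng)

def batch_gcd(moduli):
    """gcd(N_i, product of all other N_j) for each i via product/remainder trees."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        lvl = tree[-1]
        tree.append([a * b for a, b in zip(lvl[::2], lvl[1::2] + [1])])
    rems = tree.pop()  # root: product of every modulus
    while tree:
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(tree.pop())]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit():
    # Two identical devices with no entropy at first boot, one with real entropy.
    moduli = [weak_keygen(0, 7), weak_keygen(0, 9), weak_keygen(12345, 3)]
    return moduli, batch_gcd(moduli)
```

The two zero-entropy devices share their first prime, so the audit recovers it as a non-trivial gcd for both moduli while the third device reports 1.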