[Cryptography] In search of random numbers

Lodewijk andré de la porte l at odewijk.nl
Fri Oct 24 22:35:01 EDT 2014


On Oct 24, 2014 4:49 AM, "Tom Mitchell" <mitch at niftyegg.com> wrote:
>
> The internet of things... are a challenge.  Refrigerators and
> TV are expected to be resource starved...  but other systems
> seem to have engineering options.

As long as they can check a digital signature (wouldn't try internet
without it..) they could check the signature of a blob of random data. That
would have to be supplied from a not-so-starved source, which should be
possible over an internet of things.

That said, the TV probably has the most entropy of any household item,
given the incoming data quantity. White noise anyone? And lightbulbs
probably the least. Or else doorbells?

Regarding just-booted entropy, save some for later on a disk? There's also
initial entropy to be scraped: temperatures, RAM state, last digits of the
clock (hash of clockvalues), serial numbers, installed software packages,
tempfiles, last edited files (browser history), etc. All hashed together.

It works especially well since a real life hack requires actually knowing
many if not (nearly) all those values. Predictable isn't a big deal if it's
just too hard to predict. That idea breaks the idea of "bits of entropy
equivalent" until you've modeled an adversary and guessed the probabilities
of the adversary knowing of certain values.

Real time protocols might gain no entropy at all from sampling the clock,
whereas long term storage (many years) there can definitely be bits of
entropy to be found.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141025/0a5b73f2/attachment.html>


More information about the cryptography mailing list