[Cryptography] OpenSSL and random

Jerry Leichter leichter at lrw.com
Mon Dec 5 07:12:39 EST 2016


>> It's worth noting here that this will work for individual users with a simple
>> threat model.  However, this is *not* an acceptable solution for an OS to
>> ship.
> 
> Oh, I wasn't intending it for that use, my interest was SCADA/embedded,
> devices that are notoriously short of entropy.  So you have a per-device
> unique value (MAC address) and varying value (IP address or time) to ensure
> that you get unique keys per device, and if you recreate the keys you get
> different ones each time.
Note the similarity to what Apple does in iPhones (and, as it turns out, in their HSMs):  Leverage a fixed *but secret* value to greatly increase the effective security of a guessable user secret (the passcode).

At first glance, it would seem that a fixed value can add no security.  But if you use physical security, together with details of the particular system and attack models to be defended against; and you use that fixed value carefully (i.e., you never export information that makes the secret value computationally accessible); you can end up with a rather powerful primitive.

I'm sure there will be those who claim this is just "security through obscurity", but they're missing the point:  In the end, *all* security comes through obscurity - no matter how good your algorithms, you're helpless if I have access to all your keying material.
                                                        -- Jerry
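As an added illustration of the primitive Jerry describes (this is example code, not from the post and not Apple's or OpenSSL's implementation), the following models a device key root: a fixed per-device secret that is only ever used inside a key derivation and never exported, mixed with a short guessable passcode, with the guess check confined to the device behind an attempt counter. All names (DeviceKeyRoot, derive_key, unlock, enroll) and the PBKDF2 parameters are illustrative assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed work factor for the illustration; a real device would tune this.
PBKDF2_ITERATIONS = 50_000


class DeviceKeyRoot:
    """Models a per-device secret (e.g. a value fused into the SoC at
    manufacture).  The secret is used inside derive_key and nothing else;
    there is deliberately no accessor that returns it."""

    def __init__(self, device_secret: bytes, max_attempts: int = 10) -> None:
        self._secret = device_secret      # fixed, secret, never leaves the device
        self._failures = 0
        self._max_attempts = max_attempts

    def derive_key(self, passcode: str, salt: bytes) -> bytes:
        """32-byte key bound to this device *and* this passcode.  The passcode
        space is tiny, but the concatenated input is unguessable off-device
        because the device secret is never exported."""
        ikm = self._secret + passcode.encode()
        return hashlib.pbkdf2_hmac("sha256", ikm, salt, PBKDF2_ITERATIONS, dklen=32)

    def unlock(self, passcode: str, salt: bytes, verifier: bytes) -> Optional[bytes]:
        """The only place a passcode can be tried.  Every wrong guess costs an
        on-device PBKDF2 run and counts toward lockout, so the small passcode
        space cannot be searched at offline speed."""
        if self._failures >= self._max_attempts:
            raise PermissionError("device locked after too many failed attempts")
        key = self.derive_key(passcode, salt)
        if hmac.compare_digest(_verifier_for(key), verifier):
            self._failures = 0
            return key
        self._failures += 1
        return None


def _verifier_for(key: bytes) -> bytes:
    """Stored check value: reveals nothing about the key without the device secret."""
    return hmac.new(key, b"passcode-verifier", hashlib.sha256).digest()


def enroll(root: DeviceKeyRoot, passcode: str) -> Tuple[bytes, bytes]:
    """Set a passcode: returns (salt, verifier) to store on the device."""
    salt = secrets.token_bytes(16)
    return salt, _verifier_for(root.derive_key(passcode, salt))
```

Two devices with the same passcode derive different keys, and an attacker holding only the stored salt and verifier (without the device secret) gains nothing from the short passcode space.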