[Cryptography] OpenSSL and random
Jerry Leichter
leichter at lrw.com
Mon Dec 5 07:12:39 EST 2016
>> It's worth noting here that this will work for individual users with a simple
>> threat model. However, this is *not* an acceptable solution for an OS to
>> ship.
>
> Oh, I wasn't intending it for that use, my interest was SCADA/embedded,
> devices that are notoriously short of entropy. So you have a per-device
> unique value (MAC address) and varying value (IP address or time) to ensure
> that you get unique keys per device, and if you recreate the keys you get
> different ones each time.
Note the similarity to what Apple does in iPhones (and, as it turns out, in their HSMs): Leverage a fixed *but secret* value to greatly increase the effective security of a guessable user secret (the passcode).
At first glance, it would seem that a fixed value can add no security. But if you use physical security, together with details of the particular system and attack models to be defended against; and you use that fixed value carefully (i.e., you never export information that makes the secret value computationally accessible); you can end up with a rather powerful primitive.
I'm sure there will be those who claim this is just "security through obscurity", but they're missing the point: In the end, *all* security comes through obscurity - no matter how good your algorithms, you're helpless if I have access to all your keying material.
-- Jerry
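The "fixed but secret value strengthens a guessable user secret" construction discussed above, as an added worked example that is not part of the original message and is not Apple's or anyone's actual implementation. It derives a key from a per-device secret plus a short passcode with HKDF (RFC 5869, HMAC-SHA256) and shows that the result depends on both inputs: someone holding the ciphertext but not the device secret gains nothing from guessing passcodes offline, and only the device itself can test a candidate. The device secret, salt and passcode values are constructed for the demo; the standard RFC 5869 test vector is used to check the HKDF helper.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 section 2.2) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3) with HMAC-SHA256."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_device_bound_key(device_secret: bytes, passcode: str,
                            salt: bytes, length: int = 32) -> bytes:
    """Mix a fixed, never-exported per-device secret with a low-entropy
    passcode. Both are length-prefixed so the boundary between them is
    unambiguous; the info string is a hypothetical label for this use."""
    ikm = (len(device_secret).to_bytes(2, "big") + device_secret
           + len(passcode).to_bytes(2, "big") + passcode.encode("utf-8"))
    prk = hkdf_extract(salt, ikm)
    return hkdf_expand(prk, b"device-bound key v1", length)


def passcode_space_without_secret(passcode_digits: int, secret_bytes: int) -> int:
    """Number of candidates an off-device guesser faces: every passcode times
    every possible value of the unknown device secret. The same guesser, run
    on the device (where the secret is available), faces only 10**digits,
    which is why the device must also rate-limit attempts."""
    return (10 ** passcode_digits) * (256 ** secret_bytes)


def demo() -> dict:
    # Constructed sample values; a real device secret comes from hardware.
    device_secret = bytes(range(32))
    salt = b"constructed-per-device-salt"
    k_right = derive_device_bound_key(device_secret, "1234", salt)
    k_wrong_pin = derive_device_bound_key(device_secret, "1235", salt)
    k_other_device = derive_device_bound_key(bytes(range(1, 33)), "1234", salt)
    return {
        "deterministic": k_right == derive_device_bound_key(device_secret, "1234", salt),
        "passcode_matters": k_right != k_wrong_pin,
        "device_secret_matters": k_right != k_other_device,
        "key_hex": k_right.hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The caveat a practitioner would add: the fixed value only helps while it stays inside the device boundary. If the derivation can be driven on the device at will, the effective search space collapses back to the passcode alone, so the hardware that holds the secret must also throttle or cap attempts.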