[Cryptography] OpenSSL and random

Jeremy Stanley fungi at yuggoth.org
Mon Dec 5 10:14:17 EST 2016


On 2016-12-05 02:14:46 +0000 (+0000), Peter Gutmann wrote:
[...]
> Oh, I wasn't intending it for that use, my interest was SCADA/embedded,
> devices that are notoriously short of entropy. So you have a per-device
> unique value (MAC address) and varying value (IP address or time) to ensure
> that you get unique keys per device, and if you recreate the keys you get
> different ones each time.
[...]

Keep in mind that "time" may also be a poor choice as many of these
systems boot without a persistent state and so all start with their
clocks reading the same value (e.g., 1970-01-01T00:00:00Z). Often
they won't have a proper current time until well into the boot
process (or even later still). Best case you'll be feeding in the
relative variability of timing for the boot process up to the point
where the clock gets sampled. Depending on sample precision and the
unpredictability of its component hardware enumeration process this
could still be plenty, I suppose, but that does of course support
your position that different platforms will require different sets
of inputs for a viable solution.
-- 
Jeremy Stanley
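
Added example, not part of the original message: a Python sketch of the point above about clock sample precision on devices that boot without a persistent clock. It assumes a hypothetical seed built as SHA-256 over MAC, IP and the clock reading, and uses constructed clock samples, MAC and IP values.

```python
import hashlib
import math
from collections import Counter

# Constructed sample data: clock readings in nanoseconds since
# 1970-01-01T00:00:00Z, taken at the same point in eight boots of one
# device with no persistent clock, so every boot counts up from zero.
BOOT_CLOCK_NS = [
    12_004_811_305, 12_004_650_112, 12_005_102_977, 12_004_811_842,
    12_003_998_401, 12_004_650_990, 12_005_377_260, 12_004_120_533,
]
MAC = bytes.fromhex("020000000001")   # constructed, locally administered
IP = bytes([192, 0, 2, 10])           # constructed, documentation range

def quantize(sample_ns, precision_ns):
    """Clock value as read at the given precision (1 = ns, 10**9 = s)."""
    return sample_ns // precision_ns

def derive_seed(mac, ip, reading):
    """Hypothetical seed: SHA-256 over length-prefixed MAC, IP, clock."""
    h = hashlib.sha256()
    for part in (mac, ip, str(reading).encode()):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()

def distinct_seeds(samples_ns, precision_ns):
    """How many different seeds the same device gets across the boots."""
    return len({derive_seed(MAC, IP, quantize(s, precision_ns))
                for s in samples_ns})

def min_entropy_bits(samples_ns, precision_ns):
    """Plug-in estimate: log2(n / count of the most common reading).
    Rough with few samples and never larger than log2(n)."""
    counts = Counter(quantize(s, precision_ns) for s in samples_ns)
    return math.log2(len(samples_ns) / max(counts.values()))

if __name__ == "__main__":
    for label, prec in (("1 s", 10**9), ("1 ms", 10**6),
                        ("1 us", 10**3), ("1 ns", 1)):
        print(f"{label:>5}: {distinct_seeds(BOOT_CLOCK_NS, prec)} seeds, "
              f"~{min_entropy_bits(BOOT_CLOCK_NS, prec):.2f} bits")
```

With these samples a one-second clock gives the same seed on every boot, and the finer readings contribute only the boot-timing jitter present in the samples.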

