[Cryptography] combining lots of lousy RNGs ... or not

Michael Kjörling michael at kjorling.se
Tue Nov 22 04:14:50 EST 2016


On 21 Nov 2016 15:53 -0700, from jsd at av8n.com (John Denker):
> Having two trusted RNGs would be great, but in the meantime, given the
> choice between one trusted RNG and a whole steaming pile of untrusted
> RNGs, you are much better off with the one good one.

The problem with this line of reasoning is that it requires that the
concept of "trust" is determinable in the general case by anyone, and
that everyone looking at the same data reaches the same conclusion.
_That is not the case._ One entity may perfectly well trust some
technology or implementation, while at the same time another entity
has complete distrust in that same technology or implementation. As
such, the reasoning falls apart.

RDRAND may be for all practical intents and purposes perfectly secure.
It may also trivially be completely broken by anyone with knowledge of
exactly how it works. It could also have been designed to be secure,
but a flaw in the design or implementation makes it vulnerable to some
attack. The point is, _we don't know which._ And in the absence of
that knowledge, people are going to look at it (or any other
technology) and come to different conclusions about to what extent it
is trustworthy. Part of those conclusions are going to be based on
solid, quantifiable things like a well-designed threat model and
thorough analysis of how the technology in question holds up against
that threat model; and part of them are going to be based on paranoia
or blind trust, whether appropriate or misplaced.

So in a situation where there are many distinct, disparate trust
zones, and there is no one point among those that everyone can agree
is trustworthy, meaning there is no technology that everyone can agree
is sufficiently secure for some specific use (in this case,
cryptographically secure random number generation), _what is the best
we can do?_

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
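The question the post ends on, "what is the best we can do?" when no single source is trusted by everyone, is what the thread's subject line alludes to: combine the sources so that the result is acceptable to anyone who trusts at least one of them. The following is an added example, not code from the post or from any project it mentions; every source in it is a constructed toy (`broken_source`, `make_biased_source`, `make_dependent_pair` are hypothetical names), and treating `secrets.token_bytes` as the "trusted" source is an assumption for illustration only. It shows the XOR combiner's property (uniform output as soon as one input is uniform and independent of the rest) and the caveat a defender should check for: independence, since a source that can see another source's output can cancel it.

```python
import random
import secrets
from typing import Callable, List

Source = Callable[[int], bytes]  # a source returns exactly n bytes


def xor_combine(sources: List[Source], n: int) -> bytes:
    """XOR n bytes drawn from every source.

    If the sources are mutually independent, the result is uniformly random
    as soon as ANY one of them is uniformly random. A party therefore only
    needs to trust one source, and parties need not agree on which one.
    """
    out = bytearray(n)
    for src in sources:
        block = src(n)
        if len(block) != n:
            raise ValueError("source returned wrong length")
        for i, b in enumerate(block):
            out[i] ^= b
    return bytes(out)


def ones_fraction(data: bytes) -> float:
    """Fraction of 1 bits: a crude bias check (about 0.5 for unbiased data)."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


# --- constructed toy sources (not real RNGs) ---------------------------

def broken_source(n: int) -> bytes:
    """Completely broken: always zero."""
    return bytes(n)


def make_biased_source(seed: int, p_one: float = 0.9) -> Source:
    """Lousy: each bit is 1 with probability p_one; seeded so runs repeat."""
    rng = random.Random(seed)

    def src(n: int) -> bytes:
        out = bytearray()
        for _ in range(n):
            byte = 0
            for _ in range(8):
                byte = (byte << 1) | (1 if rng.random() < p_one else 0)
            out.append(byte)
        return bytes(out)

    return src


def good_source(n: int) -> bytes:
    """Assumed trusted for this example: the OS CSPRNG."""
    return secrets.token_bytes(n)


def make_dependent_pair():
    """Caveat: a source that can observe another one violates the independence
    assumption. The second source here replays the first one's last output,
    so their XOR is all zeros no matter how good the first source is."""
    last = {}

    def first(n: int) -> bytes:
        last["v"] = secrets.token_bytes(n)
        return last["v"]

    def second(n: int) -> bytes:
        return last["v"]

    return first, second


def demo(n: int = 100_000):
    """Returns (bias of the lousy source alone, bias after combining it with a
    broken and a good source, XOR of two dependent sources)."""
    biased = make_biased_source(seed=1)
    alone = ones_fraction(biased(n))
    combined = ones_fraction(xor_combine([broken_source, biased, good_source], n))
    first, second = make_dependent_pair()
    cancelled = xor_combine([first, second], 16)
    return alone, combined, cancelled


if __name__ == "__main__":
    alone, combined, cancelled = demo()
    print(f"biased source alone:  {alone:.3f} ones")
    print(f"combined with others: {combined:.3f} ones")
    print(f"dependent pair XOR:   {cancelled.hex()}")
```

The bias check is deliberately crude (it only catches gross imbalance, not structure); the point is that the combined output is as good as the best independent input, and that independence, not agreement on which source is trustworthy, is the property worth auditing.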

