[Cryptography] combining lots of lousy RNGs ... or not
Bill Frantz
frantz at pwpconsult.com
Tue Nov 29 00:12:21 EST 2016
On 11/22/16 at 3:13 AM, leichter at lrw.com (Jerry Leichter) wrote:
>Triple rot13, indeed.
But triple DES IS better than single DES.
The algorithms used matter. Rot13 is a bad encryption algorithm
because it has no mixing. XOR is a poor combiner because A XOR A
==> 0, losing all randomness and producing a predictable output
when the two inputs are perfectly correlated.
Probably a secure hash in hash(1, A) XOR hash(2, A) ==> not
zero, preserving some of the input randomness in A. BUT, I know
of no proof of this assertion.
I must admit that I am very nervous about trusting only one
source and feel more comfortable combining sources. If I combine
RDRAND with mouse movement locations and timings I have sources
that require my opponent to have very different mechanisms to
compromise. If RDRAND is compromised, it is most likely by a
nation state attacker who probably doesn't have access to the
detailed timing of operations on my computer. Using dev/random
or dev/urandom (they are the same on my computer) as a combiner
is fine. If my opponent has access to both sources, or has
compromised the combiner in the OS, then I am truly toast. He
can control anything my computer can control and access any
information stored on my computer. Good random numbers won't help.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | If the site is supported by | Periwinkle
(408)356-8506      | ads, you are the product.   | 16345 Englewood Ave
www.pwpconsult.com |                             | Los Gatos, CA 95032
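An added illustration of the two combiners the post contrasts (this is example code, not Bill's or the list's): a plain XOR combiner collapses to all zeros when its two inputs are perfectly correlated, while a domain-separated hash combiner in the style of hash(1, A) XOR hash(2, A) does not. The index-and-length prefix used for domain separation and the choice of SHA-256 are assumptions made for the example; the post names neither.

```python
import hashlib
import secrets


def xor_combine(a: bytes, b: bytes) -> bytes:
    """Combine two equal-length samples by XOR.

    This is the weak combiner from the post: if a == b the output is
    all zero, no matter how random a was.
    """
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def hash_combine(*sources: bytes) -> bytes:
    """Domain-separated hash combiner: XOR of hash(i, source_i).

    Each source is hashed with its position and length prefixed
    (assumed encoding for the example), so identical inputs at
    different positions hash to different digests and the XOR of
    the digests does not cancel. SHA-256 is an assumed choice.
    """
    acc = bytes(hashlib.sha256().digest_size)
    for index, sample in enumerate(sources, start=1):
        h = hashlib.sha256()
        h.update(index.to_bytes(4, "big"))   # domain separation: position
        h.update(len(sample).to_bytes(4, "big"))  # unambiguous framing
        h.update(sample)
        acc = xor_combine(acc, h.digest())
    return acc


def is_all_zero(data: bytes) -> bool:
    return not any(data)


def demo() -> dict:
    """Run both combiners on a perfectly correlated pair (A, A).

    Returns a dict of observations so the result can be checked
    rather than only printed.
    """
    a = secrets.token_bytes(32)   # constructed sample from one source
    return {
        "xor_collapses": is_all_zero(xor_combine(a, a)),
        "hash_collapses": is_all_zero(hash_combine(a, a)),
        "hash_is_order_sensitive": hash_combine(a, a + b"x") != hash_combine(a + b"x", a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `hash_is_order_sensitive` check is what the position prefix buys: swapping which source sits in slot 1 and slot 2 changes the output, which is exactly the property plain XOR lacks.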