[Cryptography] RNG design principles
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Nov 30 04:01:43 EST 2016
John Denker <jsd at av8n.com> writes:
>> but only once it is properly seeded.
>
>There is no but. It must be properly seeded, always.
Not picking on you specifically here, but it's interesting that many times
when I point out some stereotypical security person's response being at odds
with how non-security-geeks see the world, someone comes along and confirms
the stereotype (it happened on CFRG recently, to a level where I was able to
incorporate some of the responses into a talk :-).
Anyway, to pull a scenario from my previous message: Large EDI-based trading
network that can't go down, ever. A tiny, insignificant component of this is
the crypto. The RNG there reports it's not getting enough entropy. What do
you do?
This is a single representative example, substitute something like "factory-
floor SCADA network that can't guarantee entropy", etc. Wishing away the
problem, e.g. "they need to add a hardware entropy source to each device",
isn't allowed.
Peter.
More information about the cryptography
mailing list