[Cryptography] RNG design principles

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Nov 30 04:01:43 EST 2016

John Denker <jsd at av8n.com> writes:

>> but only once it is properly seeded. 
>There is no but.  It must be properly seeded, always.

Not picking on you specifically here, but it's interesting that many times
when I point out some stereotypical security person's response being at odds
with how non-security-geeks see the world, someone comes along and confirms
the stereotype (it happened on CFRG recently, to a level where I was able to
incorporate some of the responses into a talk :-).

Anyway, to pull a scenario from my previous message: Large EDI-based trading
network that can't go down, ever.  A tiny, insignificant component of this is
the crypto.  The RNG there reports it's not getting enough entropy.  What do
you do?

This is a single representative example, substitute something like "factory-
floor SCADA network that can't guarantee entropy", etc.  Wishing away the
problem, e.g. "they need to add a hardware entropy source to each device",
isn't allowed.


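Added example (editor's, not part of Gutmann's post or anything from the cryptography list) making the scenario concrete: what "the RNG reports it's not getting enough entropy" is in code, and what the two possible answers look like at the call site. The generator is a reduced HMAC_DRBG (SP 800-90A style, SHA-256, no personalization string); the 256-bit seed threshold, the per-source entropy credits, the `fail_open` policy flag and the sample inputs are all assumptions made for illustration.

```python
"""Entropy-accounting DRBG: an RNG that can report "not enough entropy",
and the two responses a caller can pick when it does.

Added example, not from the original post. The seed threshold, the
entropy credited to each source and the fail_open policy are assumptions.
The generator is a reduced HMAC_DRBG (SP 800-90A style, SHA-256).
"""
import hashlib
import hmac


class InsufficientEntropy(RuntimeError):
    """Raised when output is requested from a not-yet-seeded generator."""


class EntropyAccountingDrbg:
    # Assumption: the generator counts as seeded once 256 bits of *estimated*
    # entropy have been mixed in. The estimate is whatever the caller credits
    # each source with, so the report is only as honest as those credits.
    SEED_THRESHOLD_BITS = 256

    def __init__(self):
        self.key = b"\x00" * 32
        self.v = b"\x01" * 32
        self.entropy_bits = 0
        self.degraded_outputs = 0   # outputs handed out while unseeded

    @staticmethod
    def _mac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided=b""):
        # HMAC_DRBG Update(): fold provided data into (key, v).
        self.key = self._mac(self.key, self.v + b"\x00" + provided)
        self.v = self._mac(self.key, self.v)
        if provided:
            self.key = self._mac(self.key, self.v + b"\x01" + provided)
            self.v = self._mac(self.key, self.v)

    def add_entropy(self, data, estimated_bits):
        """Mix a sample in and credit the caller's entropy estimate for it."""
        self._update(data)
        self.entropy_bits += estimated_bits

    @property
    def seeded(self):
        return self.entropy_bits >= self.SEED_THRESHOLD_BITS

    def generate(self, nbytes, fail_open=False):
        """Return nbytes of output.

        fail_open=False: refuse until seeded (the RNG takes the system down).
        fail_open=True:  keep running on whatever has been mixed in so far,
                         and count it so an operator can see it happened.
        """
        if not self.seeded:
            if not fail_open:
                raise InsufficientEntropy(
                    f"{self.entropy_bits} of {self.SEED_THRESHOLD_BITS} "
                    "estimated entropy bits available")
            self.degraded_outputs += 1
        out = b""
        while len(out) < nbytes:
            self.v = self._mac(self.key, self.v)
            out += self.v
        self._update()          # fresh state between calls
        return out[:nbytes]


def scenario():
    """Walk the post's scenario and return the observations as a dict."""
    # Constructed inputs: a weak boot-time source credited with 64 bits and
    # a device-identity source credited with 128 bits; 192 < 256, so the
    # generator reports itself short of entropy.
    rng = EntropyAccountingDrbg()
    rng.add_entropy(b"boot-tick-counter:0001f3a9", 64)
    rng.add_entropy(b"mac-and-serial:00-11-22-33-44-55/SN9912", 128)
    results = {"seeded_before": rng.seeded}
    try:
        rng.generate(32)                       # fail-closed: refuses
        results["fail_closed_raised"] = False
    except InsufficientEntropy:
        results["fail_closed_raised"] = True
    degraded = rng.generate(32, fail_open=True)   # fail-open: proceeds
    results["fail_open_len"] = len(degraded)
    results["degraded_outputs"] = rng.degraded_outputs
    # Topping up past the threshold flips the report.
    rng.add_entropy(b"operator-supplied-seed-file", 128)
    results["seeded_after"] = rng.seeded
    results["clean_output_differs"] = rng.generate(32) != degraded
    # Same inputs give the same bytes: "not enough entropy" is an accounting
    # verdict, not something visible in the output stream itself.
    twin = EntropyAccountingDrbg()
    twin.add_entropy(b"boot-tick-counter:0001f3a9", 64)
    twin.add_entropy(b"mac-and-serial:00-11-22-33-44-55/SN9912", 128)
    results["deterministic"] = twin.generate(32, fail_open=True) == degraded
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The point the `twin` check makes is the practical one: the degraded output is indistinguishable from good output by inspection, so whichever policy is chosen has to be enforced by the accounting (and surfaced by the `degraded_outputs` counter or equivalent), not discovered later from the bytes.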