[Cryptography] High volume thermal entropy from an iPhone

Tom Mitchell mitch at niftyegg.com
Fri Dec 15 14:00:52 EST 2017


On Thu, Dec 14, 2017 at 5:35 AM, Will Yager <lists at yager.io> wrote:
>
> On Wed, Dec 13, 2017 at 9:54 PM, Dave Horsfall <dave at horsfall.org> wrote:
>
> I'm still learning here, but is that a weakness of crypto in general i.e.
> always avoid null keys and IVs, or AES in particular?
>
> The point is that statistical tests are not actually very useful for
> judging RNGs,
>

When building a key today a random number is used to start the search
and build the key. One common trouble is a lot of random sources are the
same and will possibly return the same or nearly the same result too
often.

That sameness may reduce the key space from more than the number of
atoms in the universe to less than the number of atoms in your pocket
change. In my opinion individuals using a non-standard source of random
that is decent and not disclosed to the attacker is better than many of
the standard sources that may or may not be gamed.

Key management and generation are cornerstones and random is part of this.

I am a fan of multiple sources.
I do not fully trust the random bits in modern processors and operating
systems. The source "might" be a register under control of Minix in
Intel's Management Engine (ME) tech. Or it could be marvelous
hardware...
    https://en.wikipedia.org/wiki/RdRand
or the deterministic random-bit generator called CTR_DRBG inside could
be too deterministic.

This is an interesting way to use common hardware.



-- 
  T o m    M i t c h e l l
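
Added example, not part of the original message: one way to combine the OS RNG with a second, independent source so that the seed cannot be reproduced without knowing every input. The mixing step is a length-prefixed SHA-256 hash followed by HKDF-Expand (RFC 5869); the function names, labels and the sample sensor bytes are assumptions made for illustration, and the sources are assumed to be independent of each other.

```python
import hashlib
import hmac
import os
import struct


def mix_sources(samples):
    """Condense (label, bytes) samples into a 32-byte seed.

    Each label and sample is length-prefixed, so moving bytes from one
    source to another always changes the hash input.
    """
    h = hashlib.sha256(b"entropy-mix-v1")  # constructed domain-separation tag
    for label, data in samples:
        name = label.encode()
        h.update(struct.pack(">I", len(name)) + name)
        h.update(struct.pack(">Q", len(data)) + data)
    return h.digest()


def derive_key(seed, purpose, length=32):
    """HKDF-Expand (RFC 5869) with HMAC-SHA256, using seed as the PRK."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(seed, block + purpose + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def generate_key(extra_samples, purpose=b"example-key"):
    """Mix os.urandom with caller-supplied samples and derive a key.

    The OS RNG is always included, so a constant or low-quality extra
    source cannot make the result weaker than os.urandom alone.
    """
    samples = [("os.urandom", os.urandom(32))] + list(extra_samples)
    return derive_key(mix_sources(samples), purpose)


if __name__ == "__main__":
    sensor = bytes(range(64))  # constructed stand-in for raw sensor noise
    print(generate_key([("sensor", sensor)]).hex())
```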