[Cryptography] High volume thermal entropy from an iPhone

Max Skibinsky max at skibinsky.com
Fri Dec 15 18:22:31 EST 2017


> There's another thing to consider:  Even assuming NSA-level resources, it
> would be impossible to rig every potential source of randomness out there.
> And suppose you actually put this out there, and thousands of random hackers
> adopted it.  Would that be important enough for NSA to go to the trouble of
> forcing Apple to rig everyone's phones just to get to those?  And - unless

I would give Alexandre's point #4 more credibility, because a realistic
scenario would be far simpler. NSA-level resources are not required to
force Apple to corrupt the firmware. NSA-level resources make it a
reasonable assumption that they might simply find, from extensive research,
some mathematical or electronic patterns in a specific camera model's
software stack that are not in fact "natural" thermal noise but, say,
artefacts of specific circuits (if pixel 1 reports noise 10, pixel 2
will always report noise 11). If such patterns exist, the actual
entropy could be far less than our statistical estimates. Do such
weaknesses exist at all in the current stack? We simply do not know; thus
we cannot give an "entropy guarantee" for this method, which would be
possible only after strong mathematical validation, along with full
control of one's own hardware and software stack. But then of course you
wouldn't have a 1,000,000,000 install base of devices... Filed under
"crypto-engineer and crypto-scientist walk into a bar...."

> We often remark here that you should rely on proven code from experts, not
> do your own crypto code.  That's true with respect to some kinds of attack
> scenarios, not so simple with respect to others.  If you're a small target,
> making sure that attacks against you are significantly distinct from attacks
> against the big targets is probably not a bad idea.

One of the craziest stories I heard recently: a friend of a friend here in
SF suffered from verbal diarrhea about his Ƀ ownership. Eventually he
got what was coming to him: a gang of thieves figured out his bank, the
location of the safe deposit box with his seed phrase, and attacked that
branch at night to cut out his individual box with an acetylene torch.
But stupidity multiplied by stupidity sometimes equals a big plus:
he was silly enough to use some sort of homebrew phrase derivation
scheme, and that stumped the thieves long enough for Mr. Stupid to move
his coins away.


More information about the cryptography mailing list
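The point about circuit artefacts (pixel 2 always reporting pixel 1 + 1) can be made concrete: a plug-in entropy estimate taken pixel by pixel sees a uniform distribution and reports full entropy, while the same data measured over neighbouring pairs, or as the conditional entropy of one pixel given its neighbour, shows that half the samples carry nothing. The script below is an added illustration written for this page, not code from the poster or from any camera-entropy project; the "sensor frames" are constructed in-line (an independent control frame and one with the hypothesised pixel-pair artefact), and the 4-bit pixel noise values and the pair alignment are assumptions for the demonstration, not measurements of any real device.

```python
import math
import random
from collections import Counter


def plugin_entropy_bits(symbols):
    """Naive (plug-in) Shannon entropy of a sequence of hashable symbols, in bits per symbol."""
    n = len(symbols)
    counts = Counter(symbols)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def block_entropy_per_symbol(symbols, k, offset=0):
    """Entropy estimated over non-overlapping k-tuples starting at `offset`, normalised to
    bits per symbol. Dependence between neighbouring symbols shows up as a drop relative
    to the k=1 (per-symbol) figure, but only if the blocks line up with the structure."""
    tuples = [tuple(symbols[i:i + k]) for i in range(offset, len(symbols) - k + 1, k)]
    return plugin_entropy_bits(tuples) / k


def conditional_entropy_bits(pairs):
    """H(second | first) = H(first, second) - H(first), over a list of (first, second) pairs."""
    return plugin_entropy_bits(pairs) - plugin_entropy_bits([p[0] for p in pairs])


def entropy_report(frame):
    """Compare the per-pixel estimate with aligned and misaligned pair estimates and with the
    conditional entropy of each odd pixel given its even neighbour. All figures in bits."""
    pairs = [(frame[i], frame[i + 1]) for i in range(0, len(frame) - 1, 2)]
    return {
        "per_pixel": plugin_entropy_bits(frame),
        "per_pixel_from_blocks": block_entropy_per_symbol(frame, 2, offset=0),
        "per_pixel_from_blocks_offset1": block_entropy_per_symbol(frame, 2, offset=1),
        "odd_given_even": conditional_entropy_bits(pairs),
    }


def constructed_correlated_frame(n_pixels, seed=1):
    """Constructed sample 'noise', not real sensor data: every even pixel is an independent
    uniform 4-bit value (assumed noise width); every odd pixel is deterministically
    (even neighbour + 1) mod 16, the circuit artefact the post hypothesises.
    Marginally every pixel still looks uniform, which is what fools the per-pixel estimate."""
    rng = random.Random(seed)
    frame = []
    for _ in range(n_pixels // 2):
        p = rng.randrange(16)
        frame.extend((p, (p + 1) % 16))
    return frame


def constructed_independent_frame(n_pixels, seed=2):
    """Constructed control frame: every pixel an independent uniform 4-bit value."""
    rng = random.Random(seed)
    return [rng.randrange(16) for _ in range(n_pixels)]


if __name__ == "__main__":
    for name, frame in (("correlated", constructed_correlated_frame(1 << 16)),
                        ("independent", constructed_independent_frame(1 << 16))):
        r = entropy_report(frame)
        print(f"{name:11s} per-pixel {r['per_pixel']:.3f}  aligned pairs "
              f"{r['per_pixel_from_blocks']:.3f}  misaligned pairs "
              f"{r['per_pixel_from_blocks_offset1']:.3f}  H(odd|even) "
              f"{r['odd_given_even']:.3f} bits/pixel")
```

On the correlated frame the per-pixel figure is about 4 bits, the aligned-pair figure about 2 bits per pixel, and H(odd|even) is 0: the statistical estimate is double the true entropy. The misaligned pairs (offset 1) still report close to 4 bits, which is the caveat a practitioner should take away: a block test at one size and one alignment can miss an artefact entirely, so this kind of empirical check is evidence of absence only for the structures it happened to try, which is why the post says a real entropy guarantee needs validation of the hardware and software stack rather than statistics alone.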