[Cryptography] OpenSSL CSPRNG work

John Denker jsd at av8n.com
Fri Jul 7 14:36:27 EDT 2017


Let me clarify something I said earlier.  What I should have said was:

  There are some platforms that are not secure, and no amount of fiddling
  with the software will make them secure.

  As a corollary, installing a new & improved version of openssl has no
  chance of making them secure.

I still insist that the existence of such platforms must not be used
as a pretext for doing a bad job on platforms where a good job would
have been possible.

Furthermore, the absence of an all-software solution does not mean
we just throw up our hands and walk away.  To the guy who owns a
bunch of embedded controllers, I would say this:

  You are a businessman.  You presumably know about scenario planning.
  Here are three scenarios to consider:

  In scenario A, you air-gap those things immediately.  You put them
  in a locked and guarded room, to make sure they stay air-gapped.
  You bear the cost of not being able to sit at home in your pajamas
  and monitor the production line from there, until such time as you
  bear the cost of installing some major upgrades.

  In scenario B, you wait until you discover that you can no longer
  sell anything, because some overseas competitor has ripped off all
  your intellectual property, and is offering the same product line
  at a fraction of the cost.  You declare bankruptcy, sell all your
  equipment for scrap, and lay off all your highly-trained workers.

  In scenario C, you actually win a sales contract, but this is even
  worse than the previous scenario.  You cannot fulfill the contract,
  because a Stuxnet-style attack has done irreversible damage to all
  your equipment.  And you're being sued for negligence, for being
  an incubator and a vector whereby the malware attacked everybody
  else.

It's your choice.

Also, on 07/06/2017 10:17 PM, Christian Huitema wrote:

> What is the easiest, convincing device makers to safely manage such a
> seed, or convincing them to add some kind of hardware generator of
> randomness?

That's a good question.  It depends.  It's hard to make anything
foolproof, because fools are so ingenious.

Even so, the hardware solution has one advantage:  It can make
randomness from scratch.  The list of things that can go wrong,
while not short, is at least finite.  That stands in contrast
to a PRNG which got its seed from a PRNG which got its seed
from .......

In theory the hardware solution "costs more" but in fact the hard
cost is so small that it's not worth worrying about.  The cost of
arguing about it exceeds the actual hard cost.

There is an attitude in the software community that everything
"should" have an all-software solution.  Well, randomness is an
exception.  This has been understood since even before there
was a software community, or even a computer industry.  John
von Neumann had something to say about this.

=============

There are plenty of embedded whatsits out there where you cannot
upgrade the hardware *or* the firmware, and those are a security
problem ... but they are irrelevant to this discussion.  By
definition, you cannot install a new version of openssl on such
a system.
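The point above about "a PRNG which got its seed from a PRNG which got its seed from ..." can be made concrete with a small simulation. This is an added example, not part of the original post: a fleet of simulated devices derive keys through several chained PRNG layers whose root seed comes from a tiny pool (standing in for something like a boot-time tick count), and the number of distinct keys is compared with devices that get fresh bytes from the OS CSPRNG (standing in for a hardware generator). All values are constructed; only the Python standard library is used.

```python
"""Added example: why chaining PRNGs adds no entropy.

Each simulated device seeds a PRNG from a PRNG ... `layers` deep and then
derives a 16-byte key. However many layers are stacked, the number of
distinct keys across the fleet is bounded by the size of the root seed pool.
(Constructed simulation, not code from the original post or from OpenSSL.)
"""
import random
import secrets


def derive_key_chained(root_seed: int, layers: int) -> bytes:
    """Seed PRNG_1 from root_seed, PRNG_2 from PRNG_1's output, ... and take
    16 key bytes from the last one.  Deterministic in root_seed."""
    seed = root_seed
    for _ in range(layers):
        seed = random.Random(seed).getrandbits(256)
    return random.Random(seed).randbytes(16)


def distinct_keys_chained(root_space: int, devices: int, layers: int) -> int:
    """Simulate `devices` boots.  Each boot draws its root seed from a pool
    of only `root_space` possible values (e.g. a low-resolution tick count
    at power-on) and runs it through `layers` chained PRNGs.  Returns how
    many distinct keys the fleet ends up with."""
    sim = random.Random(1234)  # fixed so the simulation itself is repeatable
    keys = {derive_key_chained(sim.randrange(root_space), layers)
            for _ in range(devices)}
    return len(keys)


def distinct_keys_fresh(devices: int) -> int:
    """Same fleet size, but each device gets 16 bytes straight from the OS
    CSPRNG (a stand-in for a hardware generator that makes randomness from
    scratch rather than inheriting a seed)."""
    return len({secrets.token_bytes(16) for _ in range(devices)})


if __name__ == "__main__":
    fleet = 10_000
    for layers in (1, 3, 5):
        n = distinct_keys_chained(root_space=256, devices=fleet, layers=layers)
        print(f"{layers} chained PRNG layer(s), 8-bit root seed: "
              f"{n} distinct keys across {fleet} devices")
    print(f"fresh CSPRNG bytes: {distinct_keys_fresh(fleet)} distinct keys")
```

The chained runs all collapse to at most 256 distinct keys regardless of depth, while the fresh-randomness fleet gets one unique key per device.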
