[Cryptography] "Entropy as a Service: A New Resource for Secure Development"
james hughes
hughejp at me.com
Mon Aug 26 10:50:57 EDT 2019
> On Aug 25, 2019, at 4:07 AM, Bill Cox <waywardgeek at gmail.com <mailto:waywardgeek at gmail.com>> wrote:
>
> It's just a bad paper <https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=920992>, and a confusing article based on it. Here's the heart of their protocol:
>
> The client makes a HTTP GET request to the EaaS server, with the number of bytes of random data to return, and its own public key, which is used to encrypt the returned payload.
Using these numbers to seed an RND is dubious at best.
Another (more reasonable) approach to public random numbers (explicitly not keys) is
https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8213-draft.pdf <https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8213-draft.pdf>
Section 7 has ways that it can be used.
I expect that it has already been discussed…
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190826/715783da/attachment.htm>
More information about the cryptography
mailing list