[Cryptography] "Entropy as a Service: A New Resource for Secure Development"
Tom Mitchell
mitch at niftyegg.com
Wed Aug 28 17:25:35 EDT 2019
On Sat, Aug 24, 2019 at 6:40 PM Jerry Leichter <leichter at lrw.com> wrote:
> OK, this one has me puzzled. I can't figure out if they are talking about
> better entropy generators running within individual machines, or some kind
> of centralized entropy generation service (secured how?) or ... what,
> exactly.
>
> I guess everything the becomes a buzzword is someone's business
> opportunity....
>
>
> https://www.business2community.com/cybersecurity/entropy-as-a-service-a-new-resource-for-secure-development-02230605
In this room of experts this service seems silly.
They say: "Companies can even use EaaS outside a development context.
Comparing keys generated through software-based resources against new
entropy reveals whether those keys are actually secure. Instead of assuming
cryptography is secure, EaaS tests it objectively. " and testing one key or
even a dozen is foolish logic.
In a development context where this is important I suspect that reaching
out to some service is a rather large risk.
It might however make sense for an IOT startup to be able to point at a
contract service for liability reasons.
It does seem that it is a better choice than allowing some new hire roll
one in house from a blank screen for
the same reasons that one should not invent their own crypto.
None here would trust hardware from a factory process that self-seeds
unique SSH keys or product keys of any length from
budget SOC parts in an early boot and short test cycle. Especially parts
without a hardware TRNG. We have had lengthy discussions about the The Arm
TrustZone TRNG hardware module and the Intel equivalent in hardware and if
there is some risk hidden in the hardware of vendor after vendor so even
TRNG hardware is a thing.
They overestimate the value of human generated entropy from mice and
keyboards.
They make allusions to historic news: "...investigation of the
cryptographic keys inside firewalls and routers. Multiple duplicate keys
were discovered, offering bad actors an easy way to bypass encryption."
[possibly this link of research]
https://www.pcworld.com/article/2886432/tens-of-thousands-of-home-routers-at-risk-with-duplicate-ssh-keys.html
"The problem is not unique to home routers. Cloud computing providers have
occasionally made mistakes by not generating fresh SSH keys with new
instances of virtual machines, Matherly said."
Early boot time is fragile... I often see:" random: systemd: uninitialized
urandom read (16 bytes read)" in boot logs.
So there is validation that a factory development process should have a
reach out and get the good stuff trick or two.
Now what is 'the good stuff'? Is there an audit process recommended for
the developer.
Is there an audit process that the developer can apply to maintain a
quality log.
As a group how would we evaluate such a service?
-
T o m M i t c h e l l ( o n N i f t y E g g )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190828/135d8789/attachment.htm>
More information about the cryptography
mailing list