[Cryptography] What are the sources of randomness used by LibSodium on Windows?

Tom Mitchell mitch at niftyegg.com
Sun Feb 23 07:06:29 EST 2020


On Tue, Feb 4, 2020 at 5:54 PM <jamesd at echeque.com> wrote:

> What are the sources of randomness used by LibSodium on Windows?
>
> We can be pretty sure that randomness is under organized attack, because
> we can be pretty sure that RDRAND is backdoored.
> https://blog.jim.com/crypto/rdrand


It is possible to build your own libsodium object and know.
If the caution is “windows + hardware” that is turtles all the way down.

If the hardware is suspect, guessable can be made less guessable with a
local ephemeral smallish one time pad, or even reading in an 8x8 struct and
then reading out the bits by column not row, or some personal swizzle.  Edit the
binary so the instruction becomes a call.

What is the specific threat that needs to be addressed?

Serious master keys may demand some dedicated hardware.
Bubble generators + smoke machines, lava lamps ...  where part of the
hardware is not mass produced ... the way blocks on silicon are.

Random, like some protocols, needs a default and a slower but safer strategy.

When was it that ssh was broken enough that telnet was better?

<https://blog.jim.com/crypto/rdrand>

-- 
Tinny keyboard.. Mobile ... I am
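An added example, not from the post or from libsodium, of the two mitigations the reply sketches for a suspect hardware source: XOR-combining its output with an independent local secret (the "ephemeral one time pad"), and the 8x8 bit transpose ("read out by column"). The sample bytes are constructed; the transpose is included with a check showing it is only a bit permutation, which reorders but cannot add unpredictability.

```c
/* Added example (not code from the post or from libsodium). The hw and pad
 * values used in tests are constructed; in practice pad would come from a
 * source independent of the hardware RNG, e.g. the OS CSPRNG. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* XOR-combine two equal-length byte strings. An attacker who controls hw
 * but does not know pad learns nothing about out, so the result is never
 * weaker than pad alone, whatever the hardware source does. */
void mix_xor(uint8_t *out, const uint8_t *hw, const uint8_t *pad, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = hw[i] ^ pad[i];
}

/* Transpose an 8x8 bit matrix stored as 8 bytes: output byte j collects
 * bit j of every input byte, i.e. the block read out by column not row. */
void transpose8x8(uint8_t out[8], const uint8_t in[8])
{
    for (int j = 0; j < 8; j++) {
        uint8_t col = 0;
        for (int i = 0; i < 8; i++)
            col |= (uint8_t)(((in[i] >> j) & 1u) << i);
        out[j] = col;
    }
}

/* The transpose is its own inverse: applying it twice restores the input.
 * Returns 1 when that holds, which is the reason the "swizzle" gives the
 * defender no extra entropy: every bit is still there, only moved. */
int transpose_is_involution(const uint8_t in[8])
{
    uint8_t t[8], back[8];
    transpose8x8(t, in);
    transpose8x8(back, t);
    return memcmp(back, in, 8) == 0;
}
```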