[Cryptography] Proper Entropy Source

Phillip Hallam-Baker phill at hallambaker.com
Thu Jan 23 11:35:26 EST 2020


On Wed, Jan 22, 2020 at 4:41 PM Salz, Rich via cryptography <cryptography at metzdowd.com> wrote:

>
> >
> https://www.developer.com/tech/article.php/10923_616221_3/How-We-Learned-to-Cheat-at-Online-Poker-A-Study-in-Software-Security.htm
>
> That article is nearly 20 years old.  Sheesh.  Ignore it.
>

I told Netscape that their random number generation was broken in 1994,
they were broken in 1995 and again in 1997.

Wait long enough and the same old bugs return. Someone made off with plenty
of BTC loot by looking for wallets with weak keys and emptying them all.

This is why I am proposing this
https://tools.ietf.org/id/draft-hallambaker-threshold-00.html

The device chooses a random seed, the administrator chooses a random seed.
The final keypair is produced from both seeds in such a fashion that both
parties can prove that their seed material was included.

The key point here is that we need unguessable seeds not just randomness.

The UDF key derivation scheme I am using for the Mesh provides additional
assurances. Every key whether RSA, ECDH or anything else is generated from
a seed via a KDF. Thus a suspicious party can verify that an implementation
is behaving as it is supposed to by separating the seed generation, seed
combination and key generation processes and checking each in isolation.
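The two-seed generation flow described in this message, as an added example that is neither part of the original post nor code from the cited draft or the Mesh. Each party publishes a hash commitment to its seed before the seeds are exchanged, the seeds are combined with HKDF, and the key material is derived from the combined seed by a second KDF call, so a suspicious party can recompute and check each of the three stages separately. The commitment construction, the salt and info labels, and the use of 32 derived bytes as a stand-in for the algorithm-specific key generation step are all assumptions of this example.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA-256."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def commit(seed: bytes) -> bytes:
    """Stage 0: a party publishes H(label || seed) before seeds are revealed,
    so it cannot later swap its seed for one chosen after seeing the other's.
    (Construction assumed for this example.)"""
    return HASH(b"seed-commitment" + seed).digest()


def combine_seeds(device_seed: bytes, admin_seed: bytes) -> bytes:
    """Stage 1: seed combination. A fixed public salt and a fixed concatenation
    order bind each seed to its role. If either seed is unguessable, the
    combined seed is unguessable. (Salt label assumed for this example.)"""
    return hkdf_extract(b"example-seed-combination", device_seed + admin_seed)


def key_from_seed(combined_seed: bytes, algorithm: bytes) -> bytes:
    """Stage 2: key generation from the combined seed. Here the 32 output
    bytes stand in for the private key material that an RSA/ECDH keygen
    routine would consume deterministically. (Info label assumed.)"""
    return hkdf_expand(combined_seed, b"key-generation:" + algorithm, HASH_LEN)


def verify_generation(device_seed: bytes, admin_seed: bytes,
                      device_commit: bytes, admin_commit: bytes,
                      algorithm: bytes, claimed_key: bytes) -> bool:
    """What a suspicious party runs: recompute each stage in isolation
    and compare against the published commitments and the claimed key."""
    if not hmac.compare_digest(commit(device_seed), device_commit):
        return False  # device substituted its seed after committing
    if not hmac.compare_digest(commit(admin_seed), admin_commit):
        return False  # administrator substituted its seed after committing
    expected = key_from_seed(combine_seeds(device_seed, admin_seed), algorithm)
    return hmac.compare_digest(expected, claimed_key)


def run_protocol(algorithm: bytes = b"ed25519") -> dict:
    """End-to-end run with fresh seeds from each party."""
    device_seed = os.urandom(32)   # chosen by the device
    admin_seed = os.urandom(32)    # chosen independently by the administrator
    device_commit, admin_commit = commit(device_seed), commit(admin_seed)
    key = key_from_seed(combine_seeds(device_seed, admin_seed), algorithm)
    ok = verify_generation(device_seed, admin_seed, device_commit,
                           admin_commit, algorithm, key)
    return {"key": key, "verified": ok}


if __name__ == "__main__":
    result = run_protocol()
    print("key material:", result["key"].hex())
    print("verified:", result["verified"])
```

Because every stage is a deterministic function of public labels and the two seeds, an auditor with both seeds can rerun `combine_seeds` and `key_from_seed` on a machine they trust and compare the result with what the device produced; a mismatch points at the exact stage that misbehaved.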