[Cryptography] Proper Entropy Source
Jerry Leichter
leichter at lrw.com
Wed Jan 29 14:23:30 EST 2020
> The best you can do is make some plausible bounds on an attacker's ability to guess things.
This is curiously parallel to the traditional approach to leakage channels: We can't practically close them down so we get "plausible bounds" on the rate at which the channel can leak bits and thus on "the attacker's ability to [get useful information]."
Of course, what we now know is that even a very, very low bandwidth leakage channel can do really big damage if it's used to leak a cryptographic key. The key effectively compresses a huge amount of information (in combination with the encrypted data, which of course we assume is available) into just a small number of bits....
Similarly, bounds on "how far away we are from random/unguessable" can be really problematic in some situations, where giving the attacker even a fairly small amount of known bias to work with may actually give him a significant "in" to the system.
-- Jerry