[Cryptography] Proper Entropy Source

Ryan Carboni ryacko at gmail.com
Fri Mar 6 16:59:59 EST 2020


Well, since I'm sure everyone here has read into RDRAND because that
was a hot topic a while back...

https://software.intel.com/en-us/blogs/2012/11/17/the-difference-between-rdrand-and-rdseed
"If you put two 64-bit values with additive prediction resistance
togehter [sic], the prediction resistance of the resulting value is
only 65 bits"

Now, if you can observe when multiple events occur, each event
providing 10 bits of entropy (I think entropy estimates are
conservative for different reasons), you can engage in something
similar to a meet-in-the-middle attack. This isn't advanced math; I
never passed community college calculus.

There is some boot entropy in reading RAM: reading (at most) a few
random gigabytes of physical RAM might provide a few bits with minimal
additional boot latency. There is some clock drift in CPUs, so there
might be twenty bits of entropy there. CPUs are fairly asynchronous
internally, and RAM operates on its own clock, so there is some
entropy in the interactions between the processor and RAM. This
isn't complex stuff.

I wonder why no one speaks much about it.


Anyway, it is unlikely the minimum amount of security practically
obtainable will be much more than the cost of brute-forcing a 72-bit
key.
