[Cryptech Tech] RAM as source of entropy
Василий Долматов
dol at reedcat.net
Fri Feb 7 07:09:21 UTC 2014
06 февр. 2014 г., в 18:39, Joachim Strömbergson <joachim at secworks.se> написал(а):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Aloha!
>
> Василий Долматов wrote:
>> 06 февр. 2014 г., в 17:50, Leif Johansson <leifj at sunet.se>
>> написал(а):
>>> On 2014-02-06 14:43, Василий Долматов wrote:
>>>> «Less» than «more». Unusable as a source.
>>> can you elaborate?
>> No.
>
> Seriously Dol, can you then spend a few minutes to write a few sentences
> on how you see we should go about providing a couple of entropy sources?
That’s another question… ;)
Due to extreme importance of the quality of randomness for the security of any cryptography
the random source should be extremely reliable, being the cornerstone of the cryptosystem.
The only proper source of randomness now is based upon usage of the noise diode.
Any other sources have much worse quality, so effectively converting all cryptography building upon it to the «security theatre».
If it is necessary to have couple entropy sources (I can see only one reason for it - the redundancy - but, being sincere I cannot imagine the necessity of entropy sources being redundant in such device, if source fails, it is much more simple way to throw out whole device and replace it with the new one), that could be done by placing two _identical_ sources into the device.
> Or at least your thought on what random numbers Cryptech should providde
> and how we are to do that.
See above.
>
> I can suggest solutions all day, but zero knowledge oracle responses to
> these suggestions are not going to be a very efficient method of
> reaching a solution we agree on.
>
dol@
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4815 bytes
Desc: not available
URL: <http://cryptech.is/pipermail/tech/attachments/20140207/51fe5bd2/attachment.bin>
More information about the Tech
mailing list