[Cryptech Tech] ubuntu for the win!

Russ Housley housley at vigilsec.com
Sat Feb 28 22:13:13 UTC 2015


Bernd:

>>>> fwiw ndn has a pollinate server on random.nordu.net fed by a pair of
>>>> idquantique optical quantum devices
>>>> 
>>>>> https://wiki.ubuntu.com/Security/Features#prng-cloud
>>> 
>>> and gchq has a pollinate server ....
>> 
>> The page says that it provides a secure way to seed the PRNG.  How?  It
>> does not say how the authentication or trust relationships are handled.
> 
> If you want quick authenticated trustworthy entropy via TLS, just ask a widely 
> used server which has PFS implemented via ECDHE_ECDSA, and uses a known CA for 
> signing the certificates (e.g. Google).  The entropy you can extract and trust 
> is the ECDSA signature entropy, because if they mess *that* one up, they will 
> expose their key.

Yes, reuse of the k value would be a serious problem.

This is quite different from the pollinate server, especially since you picked a single place you trust to do ECDHE and ECDSA properly.

Russ
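Added example, not code from this thread or from the Cryptech project: a self-contained ECDSA over secp256k1 in pure Python that demonstrates the property Bernd relies on and Russ confirms. The r component of a signature is the x-coordinate of k*G, so a signer drawing a fresh random k produces a fresh r with every handshake; a signer that reuses k for two different messages produces two signatures with the same r, and anyone holding both recovers the private key. The curve (secp256k1), SHA-256 as the message hash, and the private key, nonce and messages below are assumptions constructed for the demo; the thread names none of them.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P); G has prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # Q + (-Q) = infinity
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def _mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result

def pubkey(priv):
    return _mul(priv, G)

def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign_with_nonce(priv, msg, k):
    """ECDSA (r, s) with an explicit nonce k. r is the x-coordinate of k*G:
    fresh k means fresh r, which is the 'signature entropy' the thread refers to."""
    if not 1 <= k < N:
        raise ValueError("nonce out of range")
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (hash_to_int(msg) + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick another nonce")
    return (r, s)

def sign(priv, msg):
    """Correct usage: a fresh, uniformly random nonce for every signature."""
    return sign_with_nonce(priv, msg, secrets.randbelow(N - 1) + 1)

def verify(pub, msg, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    point = _add(_mul(hash_to_int(msg) * w % N, G), _mul(r * w % N, pub))
    return point is not None and point[0] % N == r

def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with the same k share r. Solving s_i = k^-1 (h_i + r*d) mod N
    for the two messages gives k = (h1 - h2)/(s1 - s2), then d = (s1*k - h1)/r."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different r values: the nonce was not reused")
    if s1 == s2:
        raise ValueError("identical signatures: need two distinct messages")
    h1, h2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h1) * pow(r1, -1, N) % N

# Constructed demo values (assumptions, not from the thread): a private key and the
# nonce a broken signer reuses for two different messages.
PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
BAD_NONCE = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
MSG1 = b"TLS ServerKeyExchange #1 (constructed)"
MSG2 = b"TLS ServerKeyExchange #2 (constructed)"

def demo_nonce_reuse():
    """Sign two messages with the same k, then recover the key from the pair."""
    sig1 = sign_with_nonce(PRIV, MSG1, BAD_NONCE)
    sig2 = sign_with_nonce(PRIV, MSG2, BAD_NONCE)
    return recover_private_key(MSG1, sig1, MSG2, sig2)

if __name__ == "__main__":
    pub = pubkey(PRIV)
    print("fresh-nonce signature verifies:", verify(pub, MSG1, sign(PRIV, MSG1)))
    print("key recovered from nonce reuse:", demo_nonce_reuse() == PRIV)
```

Running the file shows both outcomes: a correctly made signature verifies, and two signatures sharing a nonce hand the private key to anyone who collects them. That is the whole basis of Bernd's argument: r is trustworthy as fresh randomness only because a signer who repeated k would lose its key. One caveat for anyone actually feeding r into a pool: it is the x-coordinate of a curve point, not a uniform 256-bit string, so it belongs in a mixing function or KDF as one input among others, not as key material on its own.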
