[Cryptech Tech] ubuntu for the win!
Bernd Paysan
bernd at net2o.de
Sat Feb 28 22:51:20 UTC 2015
On Saturday, 28 February 2015, 17:13:13, Russ Housley wrote:
> Bernd:
> > If you want quick authenticated trustworthy entropy via TLS, just ask a
> > widely used server which has PFS implemented via ECDHE_ECDSA, and uses a
> > known CA for signing the certificates (e.g. Google). The entropy you can
> > extract and trust is the ECDSA signature entropy, because if they mess
> > *that* one up, they will expose their key.
>
> Yes, reuse of the k value would be a serious problem.
>
> This is quite different than the pollinate server, especially since you
> picked a single place you trust to do ECDHE and ECDSA properly.
Yes, the thing is "game theory": how can you trust somebody on a particular
thing? The game theory answer is: if he depends on it as much as you, or even
more so. So the second part you need to trust is just his competence, and if
he's a competent player, he'll play the game so that his dependency works out
well for him. And the next important part is: don't let him even know what
game you are actually playing, so he won't have a motivation to cheat you. And
then, last, make sure that your query doesn't wake sleeping giants.
The least suspicious thing a cloud-hosted VM could possibly do at startup is
some interaction with Google Analytics.
--
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*
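
Added example, not part of the original message: one way to fold a server's ECDSA signature into a local seed pool, as the thread discusses, while rejecting a repeated `r` (the visible sign of a reused k). `parse_ecdsa_der`, `SeedPool` and `SAMPLE_SIG` are hypothetical names; the sketch assumes the DER signature bytes were already captured from the handshake and use short-form lengths (curves up to P-384).

```python
import hashlib
import hmac
import os


def parse_ecdsa_der(sig):
    """Parse a DER ECDSA-Sig-Value (SEQUENCE of two INTEGERs) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, out = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        body = sig[pos + 2:pos + 2 + n]
        # Reject empty, long-form, truncated or negative INTEGERs.
        if n == 0 or n >= 0x80 or len(body) != n or body[0] & 0x80:
            raise ValueError("bad INTEGER")
        out.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig) or min(out) <= 0:
        raise ValueError("malformed signature")
    return out[0], out[1]


class SeedPool:
    """Mixes remote signature bytes into a pool that starts from local input."""

    def __init__(self, local=None):
        # Mix, never replace: in TLS 1.2 the ServerKeyExchange signature
        # travels in the clear, so it only supplements local entropy.
        local = os.urandom(32) if local is None else local
        self.state = hashlib.sha512(local).digest()
        self.seen_r = set()

    def mix_signature(self, sig_der):
        r, _s = parse_ecdsa_der(sig_der)
        if r in self.seen_r:  # same r twice means the signer reused k
            raise ValueError("repeated r: nonce reuse, discarding")
        self.seen_r.add(r)
        self.state = hmac.new(self.state, sig_der, hashlib.sha512).digest()

    def seed(self, n=32):
        return hmac.new(self.state, b"seed", hashlib.sha512).digest()[:n]


# Constructed sample: a syntactically valid P-256-sized signature, not a real one.
SAMPLE_SIG = (b"\x30\x44\x02\x20" + bytes(range(1, 33))
              + b"\x02\x20" + bytes(range(33, 65)))
```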