Re: Random Data from Geiger Counter

John Kelsey (kelsey@plnet.net)
Fri, 10 Jul 1998 16:13:48 -0500


> From: Adam Shostack <adam@homeport.org>
> To: William H. Geiger III <whgiii@invweb.net>
> Cc: The CodherPlunks list <CodherPlunks@toad.com>
> Subject: Re: Random Data from Geiger Counter
> Date: Thursday, July 09, 1998 4:41 PM
 
> William H. Geiger III wrote:
>
> | >In this field, especially as the base level of cryptosystems gets better,
> | >attacks will be focused more and more on little chinks in the
> | >cryptographic armor. I prefer not to leave them through sloppiness.
 
> Kelsey et al. have a new paper on analyzing RNGs. Off of counterpane.com
>

Actually, our paper talks about ways to cryptanalyze PRNGs, the
mechanisms that take hardware RNG bits and turn them into
cryptographically strong pseudorandom streams. So it's related, but
not the same issue. We looked at software PRNGs that use occasional
high-quality random input to reseed themselves, but we didn't talk
much about the specific kinds of flaws that existed. Another paper I
am aware of that talks more about the specific flaws in presumed
entropy sources in software PRNGs is by Peter Gutmann, presented at
Usenix Security Symposium, 1998. He wasn't talking about Geiger
counters, but about entropy samples available from PC operating
systems and such.

I agree with the comment by Geiger, though. Cryptanalytic attacks on
most block ciphers that get published are totally impractical for
actually attacking (say) an encrypting e-mail package, despite the
fact that they demonstrate important weaknesses in the ciphers in
some special cases. This leaves the practical attacker, who actually
needs to read traffic, looking at protocol failures, implementation
errors, random number generation, attacks on trust structures (like
certification hierarchies), etc.

--John Kelsey, kelsey@counterpane.com / kelsey@plnet.net
NEW PGP print = 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF
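To make concrete the mechanism Kelsey describes, a software PRNG that turns hardware RNG bits into a pseudorandom stream and occasionally reseeds from fresh input, here is a toy hash-based generator. It is an added example, not code from the original message or from the Kelsey et al. paper; the class name, the helper functions and the sample seed and entropy values are all constructed for illustration. The second helper models the case the paper is concerned with: an observer who has learned the generator's full state can predict every output until fresh entropy is mixed in, and not afterwards.

```python
import hashlib


class HashPRNG:
    """Toy hash-based PRNG for illustration (not a production generator).

    A secret state is hashed to produce each output block and then advanced
    by a one-way step; fresh entropy from a hardware source (supplied by the
    caller, e.g. Geiger-counter interval timings) is mixed in on reseed.
    """

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed|" + seed).digest()

    def reseed(self, entropy: bytes) -> None:
        # Mixing in entropy the observer does not know breaks the chain
        # between the old state and every later output.
        self.state = hashlib.sha256(b"reseed|" + self.state + entropy).digest()

    def next_block(self) -> bytes:
        out = hashlib.sha256(b"out|" + self.state).digest()
        # Advance the state with a one-way hash so that learning the current
        # state does not reveal blocks that were already emitted.
        self.state = hashlib.sha256(b"next|" + self.state).digest()
        return out


def same_seed_same_stream(seed: bytes, n: int) -> bool:
    """Two generators started from the same seed emit identical streams:
    all the security rests on the seed and state staying secret."""
    a, b = HashPRNG(seed), HashPRNG(seed)
    return all(a.next_block() == b.next_block() for _ in range(n))


def prediction_survives_reseed(seed: bytes, entropy: bytes) -> tuple:
    """Model an observer who has learned the full PRNG state (an exact copy
    of the generator). Returns (predicts_before_reseed, predicts_after_reseed).
    """
    real = HashPRNG(seed)
    observer = HashPRNG(seed)  # state compromise: the observer holds a copy
    before = all(observer.next_block() == real.next_block() for _ in range(3))
    real.reseed(entropy)       # fresh hardware entropy the observer never sees
    after = observer.next_block() == real.next_block()
    return before, after


if __name__ == "__main__":
    # Constructed sample values; a real deployment would draw the entropy
    # from the hardware source discussed in the thread.
    seed = b"constructed seed value"
    entropy = b"constructed Geiger-counter interval timings"
    print(same_seed_same_stream(seed, 4))             # True
    print(prediction_survives_reseed(seed, entropy))  # (True, False)
```

The point the example isolates is the one the paper's threat model turns on: the hash chain gives backtracking resistance on its own, but recovery from a state compromise depends entirely on the reseed step receiving input the observer cannot know, which is why the quality of the entropy source, not just the mixing function, matters.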



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:16 ADT