Re: One real life secure random generator

John Kelsey (kelsey@plnet.net)
Wed, 15 Jul 1998 23:46:53 -0500

• Next message: John Kelsey: "Re: Random Data from Geiger Counter"
• Previous message: Bruce Schneier: "Re: Elliptical Curve Encryption"
• Next in thread: Bill Frantz: "Re: One real life secure random generator"
• Reply: Bill Frantz: "Re: One real life secure random generator"

> From: Bill Frantz <frantz@communities.com>
> To: bram <bram@gawth.com>
> Cc: CodherPlunks@toad.com
> Subject: Re: One real life secure random generator
> Date: Wednesday, July 15, 1998 4:11 PM
 
> Of course, if you assume that your attacker has hacked your
machine, you're
> toast. There is nothing you can do.

There are other ways an attacker might get control of at least some
of your PRNG inputs, though. Some applications feed in random
nonces, user-supplied passwords, etc., into their PRNG. Why not--it
should't hurt anything, if the PRNG is well designed. On
tamper-resistant devices, it may be easier to get some level of
control over the RNG (maybe just frying it so it gives only zeros or
something) than to defeat other tamper resistance. Once you can get
the RNG to deliver the same random parameter for two DSA signatures,
you get the DSA signing key.

--John
 

• Next message: John Kelsey: "Re: Random Data from Geiger Counter"
• Previous message: Bruce Schneier: "Re: Elliptical Curve Encryption"
• Next in thread: Bill Frantz: "Re: One real life secure random generator"
• Reply: Bill Frantz: "Re: One real life secure random generator"