Bill Frantz (frantz@netcom.com)
Thu, 16 Jul 1998 00:15:44 -0800
At 8:46 PM -0800 7/15/98, John Kelsey wrote:
>> From: Bill Frantz <frantz@communities.com>
>> To: bram <bram@gawth.com>
>> Cc: CodherPlunks@toad.com
>> Subject: Re: One real life secure random generator
>> Date: Wednesday, July 15, 1998 4:11 PM
>
>> Of course, if you assume that your attacker has hacked your machine, you're
>> toast. There is nothing you can do.
>
>There are other ways an attacker might get control of at least some
>of your PRNG inputs, though. Some applications feed in random
>nonces, user-supplied passwords, etc., into their PRNG. Why not--it
>shouldn't hurt anything, if the PRNG is well designed. On
>tamper-resistant devices, it may be easier to get some level of
>control over the RNG (maybe just frying it so it gives only zeros or
>something) than to defeat other tamper resistance. Once you can get
>the RNG to deliver the same random parameter for two DSA signatures,
>you get the DSA signing key.
This has always been one of my major worries about DSA. Let's see, 2 years,
2 months, and 4 days for RSA by my calculations.
-------------------------------------------------------------------------
Bill Frantz | If hate must be my prison | Periwinkle -- Consulting
(408)356-8506 | lock, then love must be | 16345 Englewood Ave.
frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA
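Added example, not from the thread or either author: a toy DSA in Python that shows why the frozen-RNG case John describes is fatal, together with the defender-side check that flags a repeated r across signatures. The domain parameters, the key 424242, the nonce 777 and the messages are all constructed for the demo and far too small for real use.

```python
import hashlib
from collections import defaultdict

def is_prime(n):  # trial division; adequate for the toy sizes built below
    return n > 1 and all(n % i for i in range(2, int(n ** 0.5) + 1))
def toy_params():
    # Constructed DSA-style parameters (q prime, q | p-1, g of order q), deliberately
    # tiny so the demo runs instantly; sizes like these are never acceptable in practice.
    q = next(n for n in range(10**6, 10**6 + 1000) if is_prime(n))
    p = next(k * q + 1 for k in range(2, 10**4) if is_prime(k * q + 1))
    g = next(v for v in (pow(h, (p - 1) // q, p) for h in range(2, p)) if v != 1)
    return p, q, g
def hq(msg, q):  # message hash reduced mod q (simplifies DSA's truncation rule)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q
def sign(msg, x, k, P):
    p, q, g = P
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (hq(msg, q) + x * r) % q
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another k")
    return r, s
def verify(msg, y, sig, P):
    p, q, g = P
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    return (pow(g, hq(msg, q) * w % q, p) * pow(y, r * w % q, p) % p) % q == r
def recover_key(msg1, sig1, msg2, sig2, P):
    # Equal r means equal k: subtracting the two s-equations cancels x and gives k,
    # after which either equation gives x. Returns None when the pair is not usable.
    q = P[1]
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or (s1 - s2) % q == 0:
        return None
    k = (hq(msg1, q) - hq(msg2, q)) * pow((s1 - s2) % q, -1, q) % q
    return (s1 * k - hq(msg1, q)) * pow(r1, -1, q) % q
def repeated_r(labelled_sigs):  # defender-side check: one r under several signatures is an alarm
    by_r = defaultdict(list)
    for label, (r, _) in labelled_sigs:
        by_r[r].append(label)
    return {r: labels for r, labels in by_r.items() if len(labels) > 1}
def demo():
    P = toy_params()
    x, m1, m2 = 424242, b"pay 10 to alice", b"pay 10 to bob"  # constructed key and messages
    y = pow(P[2], x, P[0])
    sigs = [("m1", sign(m1, x, 777, P)), ("m2", sign(m2, x, 777, P))]  # frozen RNG: same k twice
    ok = all(verify(m, y, s, P) for m, (_, s) in zip((m1, m2), sigs))
    return x, recover_key(m1, sigs[0][1], m2, sigs[1][1], P), ok, repeated_r(sigs)
```

Both signatures verify as perfectly valid, so a verifier cannot tell that anything went wrong; only the repeated r, which `repeated_r` is there to catch, betrays the failed RNG.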