[139811] in cryptography@c2.net mail archive


Re: CPRNGs are still an issue.

daemon@ATHENA.MIT.EDU (James A. Donald)
Thu Dec 11 20:29:25 2008

Date: Thu, 11 Dec 2008 10:46:51 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <20081205210001.GE13973@randombit.net>

Jack Lloyd wrote:
 > I think the situation is even worse outside of the
 > major projects (the OS kernels crypto implementations
 > and the main crypto libraries). I think outside of
 > those, nobody is even really looking. For instance -
 >
 > This afternoon I took a look at a C++ library called
 > JUCE which offers (among a pile of other things) RSA
 > and Blowfish. However it turns out that all of the RSA
 > keys are generated with an LCRNG (lrand48, basically)
 > seeded with the time in milliseconds.
 >
 > http://www.randombit.net/bitbashing/security/juce_rng_vulnerability.html

If one uses a higher resolution counter - sub
microsecond - and times multiple disk accesses, one gets
true physical randomness, since disk access times are
affected by turbulence, which is physically truly
random.

In Crypto Kong I added entropy at various times during
program initialization from the 64-bit performance
counter.  Unfortunately the 64-bit performance counter
is not guaranteed to be present, so I also obtained
entropy from a wide variety of other sources - including
the dreaded millisecond counter that has caused so many
security holes.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
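An added example, not code from this thread, Crypto Kong or JUCE, of the seeding approach the reply describes: disk reads timed with a sub-microsecond counter, a stuck-source check so a coarse millisecond clock is never mistaken for entropy, and a hash-chained pool so that the weak sources can be mixed in without any one of them becoming the whole seed. It assumes Python's perf_counter_ns as the high-resolution counter and SHA-256 as the mixer.

```python
import hashlib
import os
import time
from typing import List

def time_disk_reads(path: str, samples: int = 32) -> List[int]:
    # Time repeated 4 KiB reads with the nanosecond performance counter; the
    # jitter between samples, not the absolute value, is what carries entropy.
    timings = []
    for _ in range(samples):
        start = time.perf_counter_ns()
        with open(path, "rb") as fh:
            fh.read(4096)
        timings.append(time.perf_counter_ns() - start)
    return timings

def source_is_stuck(samples: List[int]) -> bool:
    # Constructed heuristic: an unchanging low byte means a coarse or stuck
    # timer (a millisecond clock read in a tight loop), which adds nothing.
    return len({s & 0xFF for s in samples}) <= 1

class EntropyPool:
    # Hash-chained pool: a weak or attacker-known source adds nothing, but it
    # cannot remove entropy already folded in, so mixing many sources is safe.
    def __init__(self) -> None:
        self._state = hashlib.sha256(b"constructed-pool-init").digest()
        self.live_sources = 0

    def mix(self, label: str, data: bytes) -> None:
        self._state = hashlib.sha256(self._state + label.encode() + data).digest()

    def mix_timings(self, label: str, samples: List[int]) -> bool:
        # Always mix, but only count the source as live if it is not stuck.
        self.mix(label, b"".join(s.to_bytes(8, "little") for s in samples))
        if source_is_stuck(samples):
            return False
        self.live_sources += 1
        return True

    def seed(self, nbytes: int = 32) -> bytes:
        # Derive output, then ratchet the state so earlier seeds stay secret.
        out = hashlib.sha256(self._state + b"output").digest()[:nbytes]
        self._state = hashlib.sha256(self._state + b"ratchet").digest()
        return out

def collect_seed() -> bytes:
    pool = EntropyPool()
    pool.mix_timings("disk", time_disk_reads(__file__))
    pool.mix("clock_ms", int(time.time() * 1000).to_bytes(8, "little"))  # the weak one
    pool.mix("os_urandom", os.urandom(32))  # the kernel CSPRNG, when available
    return pool.seed()
```

Only the live-source count should feed any entropy estimate; the millisecond clock is mixed for defence in depth, never counted.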
