[140329] in cryptography@c2.net mail archive
Re: CPRNGs are still an issue.
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Dec 17 12:22:24 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: Joachim@Strombergson.com
Cc: cryptography@metzdowd.com
In-Reply-To: <4946AFD6.6000703@Strombergson.com>
Date: Wed, 17 Dec 2008 17:14:49 +1300
Joachim Strömbergson <Joachim@Strombergson.com> writes:
>Damien Miller wrote:
>> Until someone runs your software on a SSD instead of a HDD. Oops.
>
>That is a very good observation. I would bet loads of GM stocks that very few
>people realise that moving from 0ld sk00l HDD to SSD would affect their
>entropy sources.
This is only going to be a problem if your RNG is... well, to be blunt, stupid
enough to rely entirely on HDD timings as an entropy source. I would hope
that any well-designed entropy polling system would use as many sources as
possible for the simple reason that otherwise a single failure can destroy the
security of your entire system. In other words an entropy polling mechanism
should see the change from HDD to SSD as nothing more than a small glitch for
its fault-tolerant front-end to accommodate and continue as before.
Peter.
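As an added illustration of the multi-source polling Peter describes (my code, not from the original post or from any library he maintains), a poller that mixes every source into a hash pool but credits each one with a conservative most-common-value min-entropy estimate, so a source whose timings collapse after an HDD-to-SSD swap earns no credit while the remaining sources still bring the pool up to the seeding threshold. The source functions are constructed stand-ins, not measurements of real hardware.

```python
import hashlib
from collections import Counter
from math import log2
from typing import Callable, Dict, List

Source = Callable[[int], List[int]]  # a poller returning n small-int samples

def min_entropy_per_sample(samples: List[int]) -> float:
    """Most-common-value estimate, -log2(p_max); 0 if all samples are equal."""
    if not samples:
        return 0.0
    p_max = Counter(samples).most_common(1)[0][1] / len(samples)
    return -log2(p_max)

class EntropyPoller:
    """SHA-256 pool fed by every source; seeds only once enough bits are credited."""
    def __init__(self, seed_threshold_bits: float = 128.0):
        self.pool = hashlib.sha256()
        self.credited_bits = 0.0
        self.per_source: Dict[str, float] = {}
        self.seed_threshold_bits = seed_threshold_bits

    def poll(self, sources: Dict[str, Source], n: int = 256) -> Dict[str, float]:
        for name, source in sources.items():
            try:
                samples = source(n)
            except Exception:
                samples = []  # a failing source is a glitch, not a fatal error
            # Always mix the samples in: a dead source costs nothing to include.
            self.pool.update(name.encode())
            self.pool.update(bytes(s & 0xFF for s in samples))
            # Credit per-sample min-entropy, capped at 8 bits per byte and
            # halved as a margin against an over-optimistic estimator.
            bits = min(min_entropy_per_sample(samples), 8.0) * len(samples) / 2
            self.per_source[name] = self.per_source.get(name, 0.0) + bits
            self.credited_bits += bits
        return dict(self.per_source)

    def can_seed(self) -> bool:
        return self.credited_bits >= self.seed_threshold_bits
    def seed(self) -> bytes:
        if not self.can_seed():
            raise RuntimeError("insufficient credited entropy; keep polling")
        return self.pool.digest()

# Constructed stand-ins for real pollers (not measurements).
def ssd_timings(n: int) -> List[int]:       # SSD: identical ticks, no entropy
    return [7] * n
def interrupt_jitter(n: int) -> List[int]:  # jitter spread over 64 values
    return [(i * 104729) % 64 for i in range(n)]
```

Polling the SSD source alone leaves the pool unseedable; adding the interrupt source pushes the credited total past the threshold without the disk source ever being removed.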
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com