[145772] in cryptography@c2.net mail archive
Re: questions about RNGs and FIPS 140
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sat Aug 28 11:46:42 2010
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: jsd@av8n.com, tom@electric-sheep.org
Cc: cryptography@metzdowd.com
In-Reply-To: <4C77F06E.4000500@av8n.com>
Date: Sat, 28 Aug 2010 18:39:42 +1200
John Denker <jsd@av8n.com> writes:
>There exist lots of small and/or embedded and/or virtual Linux systems that
>have no useful sources of entropy.
Interesting that you should mention this; I was having a debate earlier today
on the use of DLP/ECDLP-based cryptosystems vs. RSA in embedded devices. My
argument was that DLP, and particularly ECDLP, looked good on paper but in
practice were quite dangerous because the lack of entropy on the very limited
systems that they're being pushed for makes it risky to use them there. So
far of the three ECDLP-using embedded devices I've been able to look at in
detail, all three failed to use proper entropy where required and one
definitely and the other two probably didn't check the key parameters as
required either.
(Cue debate on ECC vs. RSA :-).
Peter.
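The two failure modes Gutmann lists for the embedded devices he examined are (a) not using proper entropy where the scheme requires it and (b) not checking key parameters. The following is an added illustration of the second point, not code from this thread or from any of the devices discussed. It uses a constructed toy curve, y^2 = x^3 + x + 1 over GF(23), whose group has 28 points, so the prime-order subgroup has order 7 and cofactor 4. The validation routine follows the usual full public-key validation steps (reject the point at infinity, range-check coordinates, check the curve equation, and check that the point has the subgroup order n); the helper names and the toy parameters are this example's own choices. The private key is drawn with `secrets`, which on a real device must be backed by an actual entropy source (the first failure mode) for this to mean anything.

```python
import secrets

# Constructed toy curve for illustration: y^2 = x^3 + A*x + B over GF(P_MOD).
# This curve has 28 points in total: a prime-order subgroup of order N = 7
# with cofactor H = 4. Nothing here is a real-world curve.
P_MOD, A, B = 23, 1, 1
N = 7          # order of the subgroup in which valid public keys live
H = 4          # cofactor
INF = None     # the point at infinity (group identity)
G = (13, 16)   # generator of the order-7 subgroup (G = 4 * (0, 1))


def inv(x):
    """Modular inverse in GF(P_MOD)."""
    return pow(x, -1, P_MOD)


def is_on_curve(pt):
    """Curve-equation check; the identity is treated as on the curve."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def ec_add(P1, P2):
    """Affine point addition and doubling."""
    if P1 is INF:
        return P2
    if P2 is INF:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                       # P + (-P), including doubling a y == 0 point
    if P1 == P2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv((x2 - x1) % P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_mul(k, P):
    """Double-and-add scalar multiplication (toy: not constant-time)."""
    R, Q = INF, P
    while k > 0:
        if k & 1:
            R = ec_add(R, Q)
        Q = ec_add(Q, Q)
        k >>= 1
    return R


def count_points():
    """Brute-force group order, to show the cofactor explicitly (toy curve only)."""
    affine = sum(1 for x in range(P_MOD) for y in range(P_MOD) if is_on_curve((x, y)))
    return affine + 1                    # plus the point at infinity


def validate_public_key(Q):
    """Full public-key validation. Returns (ok, reason).

    A peer's point that is on the curve but in the wrong subgroup (e.g. the
    order-2 point (4, 0)) passes a curve-equation-only check; the order
    check n*Q == INF is what rejects it.
    """
    if Q is INF:
        return (False, "point at infinity")
    x, y = Q
    if not (0 <= x < P_MOD and 0 <= y < P_MOD):
        return (False, "coordinate out of range")
    if not is_on_curve(Q):
        return (False, "not on curve")
    if ec_mul(N, Q) is not INF:
        return (False, "wrong order (not in prime-order subgroup)")
    return (True, "ok")


def generate_keypair():
    """Private scalar d in [1, N-1] from the OS CSPRNG; public point Q = d*G.

    On an embedded device this is exactly the step that fails when there is
    no real entropy behind the RNG: a predictable d is a predictable key.
    """
    d = secrets.randbelow(N - 1) + 1
    Q = ec_mul(d, G)
    assert validate_public_key(Q)[0]     # our own key must pass the same checks
    return d, Q


if __name__ == "__main__":
    print("group order:", count_points(), "=", H, "*", N)
    for cand in [(17, 20), (4, 0), (0, 1), (1, 1), INF]:
        print(cand, "->", validate_public_key(cand))
    print("fresh keypair:", generate_keypair())
```

Of the candidates printed, only (17, 20) (which is 3*G) is accepted; (4, 0) and (0, 1) lie on the curve but have orders 2 and 28 respectively, and are rejected by the order check alone, which is the check the thread's devices were missing.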
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com