[9404] in cryptography@c2.net mail archive


Re: chip-level randomness?

daemon@ATHENA.MIT.EDU (Bram Cohen)
Thu Sep 20 00:03:07 2001

Date: Wed, 19 Sep 2001 15:20:35 -0700 (PDT)
From: Bram Cohen <bram@gawth.com>
To: Peter Fairbrother <peter.fairbrother@ntlworld.com>
Cc: Pawel Krawczyk <kravietz@aba.krakow.pl>,
	cryptography@wasabisystems.com
In-Reply-To: <B7CEC024.D82A%peter.fairbrother@ntlworld.com>
Message-ID: <Pine.LNX.4.21.0109191516420.19149-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 19 Sep 2001, Peter Fairbrother wrote:

> Bram Cohen wrote:
> 
> > You only have to do it once at startup to get enough entropy in there.
> 
> If your machine is left on for months or years the seed entropy would become
> a big target. If your PRNG status is compromised then all future uses of
> PRNG output are compromised, which means pretty much everything crypto.
> Other attacks on the PRNG become possible.

Such attacks can be stopped by reseeding once a minute or so, at much less
computational cost than doing it 'continuously'. I think periodic
reseedings are worth doing, even though I've never actually heard of an
attack on the internal state of a PRNG which was launched *after* it had
been seeded properly once already.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
                                        -- John Maynard Keynes
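The point Bram makes above (a captured generator state buys the attacker only the output until the next reseed, and a reseed every minute is cheap compared with reseeding on every request) is easy to see in code. The following is an added example written for this archive page, not code from the thread or from any particular system's RNG: it assumes a toy generator (HMAC-SHA256 over a counter, keyed by the entropy pool), a fake clock, and a constructed deterministic stand-in for os.urandom so the run is repeatable. Every name in it (`ReseedingPRNG`, `predict_from_snapshot`, `state_compromise_demo`) is this example's own.

```python
"""Periodic reseeding of a deterministic generator (added example).

An attacker who snapshots the generator's internal state can reproduce its
output exactly until the next reseed from the entropy source; after that the
prediction fails. The generator design and reseed policy are assumptions of
this example, not any real library's RNG.
"""
import hashlib
import hmac
import os


class ReseedingPRNG:
    def __init__(self, entropy_source, reseed_interval, clock):
        # entropy_source(n): n fresh bytes (os.urandom in real use, constructed here)
        # clock(): seconds; reseed_interval: seconds between reseeds (inf = never)
        self._entropy = entropy_source
        self._interval = reseed_interval
        self._clock = clock
        self._key = self._entropy(32)
        self._counter = 0
        self._last_reseed = self._clock()
        self.reseeds = 0

    def reseed(self):
        # Hash the old key together with fresh entropy, so output stays
        # unpredictable even if one of the two inputs turns out to be weak.
        fresh = self._entropy(32)
        self._key = hashlib.sha256(b"reseed|" + self._key + fresh).digest()
        self._counter = 0
        self._last_reseed = self._clock()
        self.reseeds += 1

    def random_bytes(self, n):
        # Reseed lazily on the first request after the interval has elapsed,
        # rather than pulling entropy on every call.
        if self._clock() - self._last_reseed >= self._interval:
            self.reseed()
        out = bytearray()
        while len(out) < n:
            out += hmac.new(self._key, self._counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
            self._counter += 1
        return bytes(out[:n])

    def snapshot(self):
        # What an attacker who read process memory would learn.
        return self._key, self._counter


def predict_from_snapshot(key, counter, n):
    # The attacker, holding (key, counter), recomputes the next n output bytes.
    out = bytearray()
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


class FakeClock:
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def make_constructed_entropy():
    # Constructed, deterministic stand-in for os.urandom so the demo repeats.
    # Never use anything like this as a real entropy source.
    calls = [0]

    def source(n):
        calls[0] += 1
        return hashlib.sha256(b"demo-entropy-%d" % calls[0]).digest()[:n]
    return source


def state_compromise_demo(reseed_interval, steps=3, step_seconds=30.0):
    """Snapshot the state at t=0, then check every step_seconds whether the
    attacker's prediction of the next 32-byte output still matches.
    Returns ([(seconds, prediction_correct), ...], number_of_reseeds)."""
    clock = FakeClock()
    rng = ReseedingPRNG(make_constructed_entropy(), reseed_interval, clock)
    rng.random_bytes(16)                 # some normal use before the compromise
    key, counter = rng.snapshot()        # attacker reads memory at t=0
    results = []
    for _ in range(steps):
        clock.advance(step_seconds)
        actual = rng.random_bytes(32)    # exactly one HMAC block
        guess = predict_from_snapshot(key, counter, 32)
        counter += 1                     # attacker tracks the blocks consumed
        results.append((clock.now, guess == actual))
    return results, rng.reseeds


if __name__ == "__main__":
    print("reseed every 60 s:", state_compromise_demo(60.0))
    print("never reseed:     ", state_compromise_demo(float("inf")))
    print("real source:      ", ReseedingPRNG(os.urandom, 60.0, FakeClock())
          .random_bytes(8).hex())
```

With a 60-second interval the attacker's prediction is right at t=30 s and wrong from t=60 s on, after a single reseed; with no reseeding it stays right forever. Note what the toy does not do: its key is not ratcheted after each request, so a snapshot also lets the attacker recompute earlier output in the same interval. A production DRBG adds that per-request forward step on top of the periodic reseed.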




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
