|From:||Theodore Ts'o <tytso-AT-mit.edu>|
|Subject:||Re: cheap sources of entropy|
|Date:||Tue, 21 Jan 2014 10:10:16 -0500|
On Mon, Jan 20, 2014 at 04:46:23PM -0000, firstname.lastname@example.org wrote:

> Paranoid Entropy Trap:
> The tendency to get no entropy because you turned off all the sources of
> entropy, because you don't trust any of them.

My answer to this is to mix from as many sources as possible, in the hopes that one or more of them can not be predicted by the attacker. Yes, this may be less efficient, but that's engineering tradeoffs for you --- and how many applications really *do* need 3 gigabits per second of cryptographic grade random numbers? :-)

The other thing I'd note is that I fear people are focusing more attention on the random number generator and less on other parts of the entire solution. Maybe it's because of Parkinson's Law of Triviality:

http://zsoltfabok.com/blog/2013/01/parkinsons-law/

I'm not sure whether the RNG is better characterized as the "bike shed" or the "coffee for refreshments" as described in Parkinson's 3rd chapter, "High Finance, or the Point of Vanishing Interest", but I know one thing for sure. It's not the 10 million pound nuclear reactor.

Remember, the system is always going to be as secure as its weakest link, and having the most wonderful RNG in the world isn't going to help you if the NSA has diverted your hardware and installed a miniature radio transmitter into the guts of your system. Or if you aren't using the latest security updates, and worse yet, using PHP, and there's a flaw in your web framework that hasn't been patched or you don't know about. (Some people have talked about using Own Cloud as being more secure than cloud services from companies like Amazon or FaceBook. Now, the founder of OwnCloud the startup is a friend of mine, and I wish him all of the best success in the world. But the fact it uses PHP for its web front end makes me shudder with fear.)
And of course, it might not be PHP; it might be a security weakness with your web server, or with your security assumptions that everything behind your firewall is secure --- but then it turns out that your access point is running a 2.4 based kernel to support an ancient legacy binary-only blob, and it's been cracked to a fare-thee-well, and then the attacker has used that to establish a beachhead from your "smart refrigerator", and is then attacking your internal infrastructure from there.

So don't get me wrong; having a good RNG is important. But I do find it interesting the volume of attention it is getting on this mailing list compared to all of the other things that we have to get right in order for the entire solution to be secure. It may be my own personal area of interest, but let's be realistic here. If it's a hundred times easier to break into a firmware update system and hide something in your printer, or your BIOS, or your router, then maybe that's the path which various criminal groups or other foreign intelligence services (especially including those who are most likely much less well resourced than the NSA) will use to screw you over.

- Ted

_______________________________________________
The cryptography mailing list
email@example.com
http://www.metzdowd.com/mailman/listinfo/cryptography
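As an added illustration of the "mix from as many sources as possible" answer to the paranoid entropy trap (example code written for this page, not from Ted's mail or from the kernel's random driver): a toy pool that hashes whatever samples it is handed, compared under a trust-nothing policy and a mix-everything policy against an attacker who knows some of the sources. The sample bytes and the attacker's all-zero guess for the sources they cannot see are constructed.

```python
import hashlib


def mix_sources(samples: dict[str, bytes]) -> bytes:
    """Combine every sample into one 32-byte seed with SHA-256.
    Each sample is tagged with its source name and length-prefixed, so two
    different sets of samples never feed the hash the same byte string."""
    h = hashlib.sha256()
    for name in sorted(samples):
        data = samples[name]
        h.update(name.encode() + b"\x00" + len(data).to_bytes(4, "big") + data)
    return h.digest()


def paranoid_seed(samples: dict[str, bytes], trusted: set[str]) -> bytes:
    """The 'paranoid entropy trap': only sources on the trust list reach the pool.
    With an empty trust list the pool is empty and the seed is a constant."""
    return mix_sources({n: d for n, d in samples.items() if n in trusted})


def mix_everything_seed(samples: dict[str, bytes]) -> bytes:
    """Ted's answer: feed every source in and let the hash do the mixing."""
    return mix_sources(samples)


def attacker_view(samples: dict[str, bytes], compromised: set[str]) -> dict[str, bytes]:
    """What the attacker thinks the pool saw: the real bytes for sources they
    control or can observe, and a guess (all zeros, constructed) for the rest."""
    return {n: (d if n in compromised else bytes(len(d))) for n, d in samples.items()}


def demo() -> tuple[bool, bool, bool]:
    # Constructed samples standing in for real pool inputs.
    samples = {
        "hwrng": bytes.fromhex("0badf00d00000001"),        # assume attacker predicts it
        "disk_timing": bytes.fromhex("00c0ffee00000002"),  # assume attacker observes it
        "irq_timing": bytes.fromhex("deadbeef00000003"),   # assume attacker cannot see it
    }
    compromised = {"hwrng", "disk_timing"}
    # Trust nothing: the pool is empty and the attacker's guess is exact.
    trap_exact = paranoid_seed(samples, set()) == paranoid_seed(attacker_view(samples, compromised), set())
    # Trust only the source the attacker controls: still exactly predictable.
    trust_bad_exact = paranoid_seed(samples, {"hwrng"}) == paranoid_seed(attacker_view(samples, compromised), {"hwrng"})
    # Mix everything: the one source the attacker cannot see makes their guess miss.
    mix_unpredictable = mix_everything_seed(samples) != mix_everything_seed(attacker_view(samples, compromised))
    return trap_exact, trust_bad_exact, mix_unpredictable


if __name__ == "__main__":
    print(demo())
```

The hash binds the unknown source into the seed, so a known or even attacker-chosen source cannot cancel it out; the pool only fails when every source is predictable, which is exactly what the trust-nothing policy guarantees.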
Copyright © 2014, Eklektix, Inc.