Re: One real life secure random generator

New Message Reply About this list Date view Thread view Subject view Author view

John Kelsey (kelsey@plnet.net)
Wed, 15 Jul 1998 23:46:53 -0500


> From: Bill Frantz <frantz@communities.com>
> To: bram <bram@gawth.com>
> Cc: CodherPlunks@toad.com
> Subject: Re: One real life secure random generator
> Date: Wednesday, July 15, 1998 4:11 PM
 
> Of course, if you assume that your attacker has hacked your
machine, you're
> toast. There is nothing you can do.

There are other ways an attacker might get control of at least some
of your PRNG inputs, though. Some applications feed in random
nonces, user-supplied passwords, etc., into their PRNG. Why not--it
should't hurt anything, if the PRNG is well designed. On
tamper-resistant devices, it may be easier to get some level of
control over the RNG (maybe just frying it so it gives only zeros or
something) than to defeat other tamper resistance. Once you can get
the RNG to deliver the same random parameter for two DSA signatures,
you get the DSA signing key.

--John
 


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:25 ADT