Re: cryptsetup problem
On 8/06/2014 8:02 AM, Bzzz wrote:
> On Sun, 08 Jun 2014 07:03:32 +1000
> Andrew McGlashan <firstname.lastname@example.org> wrote:
>> Installed now.... looks very good!
>> Thanks again
> Well, not so fast :(
> I didn't follow the RNG analysis closely (I pick my
> randomness elsewhere), but I just stumbled upon this paper:
> saying that neither regular /dev/urandom nor /dev/random
> are safe (& suggesting an attack against AES-128 CTR mode
> could succeed in only 2^64 attempts).
> This is a 2013 paper :(
Interesting, but I can't say that I fully understand it -- most of it is
way beyond my knowledge.
It seems that a /true/ hardware RNG that isn't pseudo is required,
anything less is subject to some kind of attack.
I am sure that Intel tried to get the Linux /dev/random to rely solely
on its CPU solution (RNG), but that was considered a risk and therefore
such input is only used as ONE component. Using many components,
including the Intel one, is a method of getting better random numbers.
Given the 2013 paper, I would have to say that it is very likely that
this would have been followed up on, but I can't find a reference.
Perhaps you can start a new thread for this concern and see what comes back.