[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cryptsetup problem



On 8/06/2014 8:02 AM, Bzzz wrote:
> On Sun, 08 Jun 2014 07:03:32 +1000
> Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> 
>> Installed now.... looks very good!
>>
>> Thanks again
> 
> Well, not so fast :(
> 
> I didn't followed the RNGs analysis closely (I pick my
> randomness elsewhere), but I just stumble upon this paper:
> https://eprint.iacr.org/2013/338.pdf
> 
> saying that neither regular /dev/urandom nor /dev/random
> are safe (& suggesting an attack against AES-128 CTR mode 
> could succeed in only 2^64 attempts).
> 
> This is a 2013 paper :(

Interesting, but I can't say that I fully understand it -- most of it is
way beyond my knowledge.

It seems that a /true/ hardware RNG that isn't pseudo is required,
anything less is subject to some kind of attack.

I am sure that Intel tried to get the Linux /dev/random to rely solely
on it's CPU solution (RNG), but that was considered a risk and therefore
such input is only used as ONE component.  Using many components,
including the Intel one, is a method of getting better random numbers.

Given the 2013 paper, I would have to say that it is very likely that
this would have been followed up upon, but I can't find a reference.
Perhaps you can start a new thread for this concern and see what comes back.

Cheers
A.


Reply to: