Re: cryptsetup problem
On Sun, 08 Jun 2014 08:35:21 +1000
Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
> It seems that a /true/ hardware RNG that isn't pseudo is required,
> anything less is subject to some kind of attack.
This would be the best (bestofzebest is the measure of the
decay of a radioactive element… which will be feasible
in one or two months, when Fukushima streams will reach
the us west coast;)
There are also some devices (USB or PCI), but they almost
have all the same problem: they're manufactured in the usa
or in uk (so, credibility, from 0 to 10, is ~ -100) :(
> I am sure that Intel tried to get the Linux /dev/random to rely
> solely on it's CPU solution (RNG), but that was considered a risk
> and therefore such input is only used as ONE component. Using
> many components, including the Intel one, is a method of getting
> better random numbers.
Yeah, that's in all serious papers.
> Given the 2013 paper, I would have to say that it is very likely
> that this would have been followed up upon, but I can't find a
> reference. Perhaps you can start a new thread for this concern and
> see what comes back.
ZE problem is: in 2013, there were major changes in the
random section of the kernel (for both urandom and random),
so, the question is: when was this paper issued?
I'd say before these changes (it doesn't mention them),
thus, at least /dev/random might be cleared from these
flaws, which makes it quite a good candidate for crypto
(on the condition that random sources often run on the
machine, ie: web radio & DVB dongle).
--
Amélie : Hey have you got Home Sweet Alabama?
L i s a . : Invert the first two words and I surely could find that
Amélie : have hey you got Home Sweet Alabama?
Reply to: