On 8/06/2014 8:02 AM, Bzzz wrote:
> On Sun, 08 Jun 2014 07:03:32 +1000
> Andrew McGlashan <[email protected]> wrote:
>
>> Installed now.... looks very good!
>>
>> Thanks again
>
> Well, not so fast :(
>
> I didn't follow the RNG analysis closely (I pick my
> randomness elsewhere), but I just stumbled upon this paper:
> https://eprint.iacr.org/2013/338.pdf
>
> saying that neither regular /dev/urandom nor /dev/random
> are safe (& suggesting an attack against AES-128 CTR mode
> could succeed in only 2^64 attempts).
>
> This is a 2013 paper :(
Interesting, but I can't say that I fully understand it -- most of it is way beyond my knowledge.

It seems that a /true/ hardware RNG that isn't pseudo is required; anything less is subject to some kind of attack.

I am sure that Intel tried to get the Linux /dev/random to rely solely on its CPU solution (RNG), but that was considered a risk and therefore such input is only used as ONE component. Using many components, including the Intel one, is a method of getting better random numbers.

Given the 2013 paper, I would have to say that it is very likely that this would have been followed up on, but I can't find a reference. Perhaps you can start a new thread for this concern and see what comes back.

Cheers
A.

-- 
To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
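The design point Andrew raises (the CPU's hardware RNG used as one input among several, never as the sole source) can be shown with a toy extractor. This is an added example, not code from the thread or from the Linux kernel: the function names, the use of SHA-256, the constructed pool bytes and the "backdoored" hardware source are all assumptions made for illustration. The output is H(pool) XOR hw; an attacker who can predict the hardware output still has to know the pool, and an attacker who knows the pool still has to predict the hardware output. Only when both inputs are predictable is the output predictable.

```python
import hashlib
import secrets

OUT_LEN = 32  # bytes produced per extraction (assumed size)


def hash_pool(pool: bytes) -> bytes:
    """Condense the entropy pool with a cryptographic hash.
    (Toy stand-in for the kernel's own hashing; SHA-256 is an assumption.)"""
    return hashlib.sha256(pool).digest()[:OUT_LEN]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def mix(pool: bytes, hw: bytes) -> bytes:
    """Output = H(pool) XOR hw.  The hardware RNG contributes, but is not the
    sole source: when hw is independent of the pool, the result is at least as
    unpredictable as the stronger of the two inputs."""
    return xor_bytes(hash_pool(pool), hw)


# Constructed hardware sources (not real RDRAND calls).
def hw_honest(n: int) -> bytes:
    """A hardware RNG that really is unpredictable."""
    return secrets.token_bytes(n)


def hw_backdoored(n: int) -> bytes:
    """Worst case: an attacker can predict every byte (modelled as constant)."""
    return b"\x00" * n


def attacker_can_predict(pool: bytes, hw: bytes,
                         knows_pool: bool, knows_hw: bool) -> bool:
    """Simulate an attacker reconstructing the output from what they know.
    An input the attacker does not know is replaced by a (wrong) guess, which
    models a high-entropy input they cannot enumerate."""
    guessed_pool = pool if knows_pool else secrets.token_bytes(len(pool))
    guessed_hw = hw if knows_hw else secrets.token_bytes(len(hw))
    return mix(guessed_pool, guessed_hw) == mix(pool, hw)


def scenarios() -> dict:
    """Four cases; True means the attacker predicted the output."""
    pool = secrets.token_bytes(64)  # constructed: pool fed by timings, interrupts, ...
    good_hw = hw_honest(OUT_LEN)
    bad_hw = hw_backdoored(OUT_LEN)
    return {
        # Backdoored hardware RNG, secret pool: mixing keeps the output safe.
        "backdoored_hw_secret_pool": attacker_can_predict(pool, bad_hw, False, True),
        # Pool known to the attacker (e.g. early boot), honest hardware RNG: still safe.
        "known_pool_honest_hw": attacker_can_predict(pool, good_hw, True, False),
        # Both inputs known: no mixing rescues two bad sources.
        "both_known": attacker_can_predict(pool, bad_hw, True, True),
        # Relying on the backdoored hardware RNG alone: trivially predictable.
        "hw_alone_backdoored": bad_hw == hw_backdoored(OUT_LEN),
    }


if __name__ == "__main__":
    for name, predicted in scenarios().items():
        print(f"{name}: {'PREDICTABLE' if predicted else 'safe'}")
```

The XOR step is what makes "one component" a safe statement: a predictable hardware source reduces to contributing nothing (the output collapses to H(pool)), but it cannot subtract entropy the pool already had. The same reasoning fails the moment one source is the sole input, which is the case the thread says the kernel deliberately rejected.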

