I have changed the subject line since this is veering off the original topic.
Martin Husemann wrote:
> On Tue, May 12, 2020 at 10:00:20AM +0300, Andreas Gustafsson wrote:
> > we have entropy when we don't. Adding more sources could mean
> > reintroducing some timing based sources after careful analysis, but
> > also things like having the installer install an initial random seed
> > on the target machine (and if the installer itself lacks entropy,
> > asking the poor user to pound on the keyboard until it does).
>
> I was thinking about the installer part and wondered if there is a less
> obtrusive way - like: I know I have machines in my local network (a) that
> I trust and (b) that I know have good entropy. Could the installer (on
> request) bring up the network and query some things like time from a time
> server and entropy from a known good source? The keyboard method would
> of course still be needed as many users won't have the needed local servers.

To safely do this over an untrusted network, you would need to establish
an encrypted connection with the randomness server, but protocols like
TLS themselves require randomness. And if you have randomness, you might
as well seed the target with it directly.

Even if you use a simpler encryption scheme that does not need
randomness, you still need a key, and if you have a key that's long
enough to be secure, you might as well construct the seed directly from
that.

I suspect that any attempt to bootstrap entropy over an untrusted network
will necessarily have to involve some kind of leap of faith.

-- 
Andreas Gustafsson, g...@gson.org
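The two cases argued in the reply above, as an added illustration that is not part of the original thread or of NetBSD's own seeding code: if the installer already holds a long enough secret key, a KDF turns that key directly into a seed and no network exchange is needed; if it holds no secret, a value fetched over an untrusted network can only be hashed together with whatever local entropy exists, and when that local contribution is empty or known, whoever controls the network fully determines the result. The HKDF helper, the `installer-seed` label and the sample byte strings are constructed for this example.

```python
"""Constructed model of seeding a fresh install with or without a trusted key."""
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """Minimal HKDF (RFC 5869, extract-then-expand) over HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def seed_from_preshared_key(psk: bytes, target_id: bytes) -> bytes:
    """Case 1: the installer already holds a secret key that is long enough
    to be secure.  Derive the initial seed from it directly; nothing needs to
    cross the network.  Rejects keys shorter than 32 bytes, since a short key
    cannot stand in for a 256-bit seed.  ("installer-seed" is a constructed
    domain-separation label.)"""
    if len(psk) < 32:
        raise ValueError("key too short to serve as a seed source")
    return hkdf_sha256(psk, salt=b"installer-seed", info=target_id)


def mix_remote_contribution(local_pool: bytes, remote: bytes) -> bytes:
    """Case 2: no shared secret, so `remote` arrives over an untrusted channel.
    Length-prefixed hashing of (local || remote) means an attacker-chosen
    `remote` cannot make the seed more predictable than `local_pool` already
    was, but it also means the remote value adds nothing the attacker does not
    already know: with an empty local pool the attacker computes the seed."""
    h = hashlib.sha256()
    h.update(len(local_pool).to_bytes(4, "big") + local_pool)
    h.update(len(remote).to_bytes(4, "big") + remote)
    return h.digest()


def attacker_prediction(controlled_remote: bytes) -> bytes:
    """What a network attacker who supplies `controlled_remote` and assumes the
    target has no local entropy would predict the resulting seed to be."""
    return mix_remote_contribution(b"", controlled_remote)


def demo() -> dict:
    """Run both cases on constructed inputs and report whether the seed is
    attacker-predictable in each."""
    psk = bytes(range(32))                      # constructed 32-byte key
    remote = b"\x42" * 32                       # constructed attacker-chosen value
    keyboard = os.urandom(32)                   # stands in for pounded keys
    return {
        "psk_seed": seed_from_preshared_key(psk, b"host-01"),
        "no_local_entropy_predictable":
            mix_remote_contribution(b"", remote) == attacker_prediction(remote),
        "with_local_entropy_predictable":
            mix_remote_contribution(keyboard, remote) == attacker_prediction(remote),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v.hex() if isinstance(v, bytes) else v)
```

The interesting line is the comparison in `demo()`: the remote value is identical in both mixes, and only the presence of local entropy decides whether the attacker's prediction matches. That is the leap of faith the reply describes, made explicit.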