Re: Randomness using computers
- From: MrD <mrdemeanour@xxxxxxxxxxxxxxx>
- Date: Mon, 10 Jan 2011 14:04:16 +0000
On 10/01/2011 10:19, Kristian Gjøsteen wrote:
> You build an application that relies on a source of bits, and you
> prove that the application is secure (for some value of secure)
> provided the source of bits provides random bits.
> Now, I claim that you can replace that source of bits with a
> properly designed /dev/urandom, and your application will remain
> secure.
Is the implementation of /dev/urandom in (say) Debian Linux "properly
designed"?
Does it remain "properly designed" in the event that the system it's
running on has an empty "entropy" pool (i.e. /dev/random has dried up)?
Is it still "properly designed" if it is running off a Live CD, so that
the initial pool is identical each time the machine starts?
> Why? By the assumption of proper design, the output bits of
> /dev/urandom should be indistinguishable from random bits. If your
> application becomes insecure when the random source is replaced by
> /dev/urandom, then that application plus the attack on that
> application is essentially a distinguisher for /dev/urandom, which
> should not exist by the initial assumption. It follows that your
> application should not become insecure by replacing the random source
> with /dev/urandom.
Thanks, that's very clear; I can follow that reasoning.
--
MrD.
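The reduction argument quoted above, worked through as an added example (this is not code from the post or from either poster). It models the ideal source the application's proof assumes, a toy /dev/urandom-style generator (assumption: an HMAC-SHA256 counter-mode PRG, which is not the Linux kernel's actual design), an "application" that derives session keys from whichever source it is given, and an "attack" that wins if a key repeats across two runs. The distinguisher is exactly the application plus the attack: it says "not random" whenever the attack succeeds. With fresh entropy at every boot it fails, as the argument predicts; with the Live CD case from the question (the same initial pool on every boot, here the constructed `FIXED_LIVECD_POOL`) the attack succeeds, so the application-plus-attack pair distinguishes that generator from random bits, which is what "not properly designed" means in the argument. All names are hypothetical.

```python
import hashlib
import hmac
import os
import secrets


class ToyUrandom:
    """Toy stand-in for a /dev/urandom-style generator.  Assumption: a
    minimal HMAC-SHA256 counter-mode PRG, not the Linux kernel's design.
    Once seeded it never blocks, so an 'empty pool' only matters through
    the quality of the initial pool it was seeded from."""

    def __init__(self, initial_pool: bytes):
        self.key = hashlib.sha256(initial_pool).digest()
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = hmac.new(self.key, self.counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            out += block
            self.counter += 1
        return out[:n]


class TrueRandom:
    """The ideal source the application's security proof assumes."""

    def read(self, n: int) -> bytes:
        return secrets.token_bytes(n)


# Constructed value: the initial pool a Live CD carries on every boot when
# nothing (for example a seed file) is persisted between runs.
FIXED_LIVECD_POOL = b"constructed: identical initial pool on every boot"


def boot(initial_pool=None) -> ToyUrandom:
    """Model one boot.  None = pool filled from fresh entropy (os.urandom);
    a bytes value = the same initial pool each time, the Live CD case."""
    return ToyUrandom(os.urandom(32) if initial_pool is None else initial_pool)


def application_keys(source, count: int = 4):
    """The 'application': derive `count` 128-bit session keys from the source."""
    return [source.read(16) for _ in range(count)]


def attack_repeated_key(keys_a, keys_b) -> bool:
    """The 'attack': an observer of two runs wins if any session key repeats."""
    return bool(set(keys_a) & set(keys_b))


def distinguisher(make_source) -> bool:
    """The reduction from the post made concrete: run the application on two
    independent instances of the source and apply the attack.  True means
    the attack succeeded, i.e. application-plus-attack has just told this
    source apart from random bits."""
    keys_a = application_keys(make_source())
    keys_b = application_keys(make_source())
    return attack_repeated_key(keys_a, keys_b)


if __name__ == "__main__":
    print("ideal source distinguished:    ", distinguisher(TrueRandom))
    print("urandom, fresh pool each boot: ", distinguisher(boot))
    print("urandom, Live CD fixed pool:   ",
          distinguisher(lambda: boot(FIXED_LIVECD_POOL)))
```

The point of the toy is the shape of the argument, not the generator: the same `distinguisher` function is run against all three sources, and only the one whose initial pool is identical on every boot is caught, because the attack on the application is itself the distinguisher.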