NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: WARNING pseudorandom rekeying

Jean-Yves Migeon <> wrote:

> > And if the attacker can test it remotely, we should be able to
> > test it locally with access to the private key, or am I missing 
> > something?
> I do not understand that part -- what do you mean? Collecting entropy
> information through side channels like TCP ack/seq numbers, SYN cookies,
> ... ?

If the attacker is able to factor a key using knowledge of skewed PRNG,
then we should be able to do the same in order to test key strength. And
since such a test would ran locally, it could have unlimited access to
crypto generated using the private key.

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index