tech-crypto archive
Re: Initial entropy with no HWRNG
> Date: Tue, 12 May 2020 13:05:01 -0400 (EDT)
> From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
>
> >> B1) Because they already got the binaries or the sources from us; we
> >> could simply tamper those to do the wrong thing instead.
> > Tampering is loud, but eavesdropping is quiet. There is no way to do
> > this that is resistant to eavesdropping without a secret on the
> > client side.
>
> Ironically, there is, from an algorithms perspective, the simplest
> perhaps being Diffie-Hellman. (D-H is as hard as discrete log, for
> passive eavesdroppers. It's active MitM that it's not enough for.)
> The irony arises because, as far as I know, all such algorithms require
> randomness - or at least unpredictability to the attacker - on each
> end, making this a chicken-and-egg problem.
>
> Or is that what you meant by "a secret"?
That is exactly what I meant by `a secret'.
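
The chicken-and-egg point in this exchange, as an added example that is not part of the original messages: a Diffie-Hellman exchange holds against a passive observer only if each private exponent is unpredictable to that observer. The toy group, the hash-based exponent derivation and the boot-clock seed window are assumptions constructed for illustration.

```python
import hashlib
import secrets

# Toy group, an assumption for illustration: 2**127 - 1 is prime but far too
# small for real use. G is an arbitrary base.
P = 2**127 - 1
G = 3

def exponent_from_seed(seed: int) -> int:
    """Derive a private exponent in [1, P-2] deterministically from a seed."""
    digest = hashlib.sha256(seed.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 1

def public_value(private: int) -> int:
    return pow(G, private, P)

def shared_secret(their_public: int, my_private: int) -> int:
    return pow(their_public, my_private, P)

def passive_search(client_public, server_public, candidate_seeds):
    """Recompute the shared secret from the two public values alone, given a
    set of seeds the client might have used. Returns None if none match."""
    for seed in candidate_seeds:
        a = exponent_from_seed(seed)
        if public_value(a) == client_public:
            return shared_secret(server_public, a)
    return None

def demo():
    # Constructed sample: a client whose only "randomness" is its clock at
    # first boot, known to within a 2000-second window.
    window = range(1_589_300_000, 1_589_302_000)
    server_private = secrets.randbelow(P - 2) + 1
    server_public = public_value(server_private)

    weak_private = exponent_from_seed(1_589_301_234)
    weak_key = shared_secret(server_public, weak_private)
    found = passive_search(public_value(weak_private), server_public, window)

    # Same exchange, but the client seed is unpredictable to the observer.
    strong_private = exponent_from_seed(secrets.randbits(64))
    missed = passive_search(public_value(strong_private), server_public, window)
    return found == weak_key, missed is None

if __name__ == "__main__":
    print(demo())
```

The server's exponent is fully random in both runs, which shows that good randomness on one end does not compensate for a guessable secret on the other.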