Randomness servers

[Andreas Gustafsson <gson%gson.org@localhost>]

I have changed the subject line since this is veering off the original
topic.

Martin Husemann wrote:
> On Tue, May 12, 2020 at 10:00:20AM +0300, Andreas Gustafsson wrote:
> > we have entropy when we don't.  Adding more sources could mean
> > reintroducing some timing based sources after careful analysis, but
> > also things like having the installer install an initial random seed
> > on the target machine (and if the installer itself lacks entropy,
> > asking the poor user to pound on the keyboard until it does).
> 
> I was thinking about the installer part and wondered if there is a less
> obstrusive way - like: I know I have machines in my local network (a) that
> I trust and (b) that I know have good entropy. Could the installer (on
> request) bring up the network and query some things like time from a time
> server and entropy from a known good source? The keyboard method would
> of course still be needed as many users won't have the needed local servers.

To safely do this over an untrusted network, you would need to
establish an encrypted connection with the randomness server, but
protocols like TLS themselves require randomness.  And if you have
randomess, you might as well seed the target with it directly.

Even if you use a simpler encryption scheme that does not need
randomness, you still need a key, and if you have a key that's long
enough to be secure, you might as well construct the seed directly
from that.

I suspect that any attempt to bootstrap entropy over an untrusted
network will necessarily have to involve some kind of leap of faith.
-- 
Andreas Gustafsson, gson%gson.org@localhost