[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
- To: coderman <coderman@xxxxxxxxx>
- Subject: Re: [Full-disclosure] how i stopped worrying and loved the backdoor
- From: Marcus Meissner <meissner@xxxxxxx>
- Date: Sun, 19 Aug 2012 12:28:47 +0200
On Sat, Aug 18, 2012 at 04:00:20PM -0700, coderman wrote:
> Dan just released "DakaRand"
> http://dankaminsky.com/2012/08/15/dakarand/
>
> src http://s3.amazonaws.com/dmk/dakarand-1.0.tgz
>
> while admitting that "Matt Blaze has essentially disowned this
> approach, and seems to be honestly horrified that I’m revisiting it"
> and "Let me be the first to say, I don’t know that this works." this
> mode would greatly reduce, maybe eliminate the incidence of key
> duplication in large sample sets (e.g. visibly poor entropy for key
> generation)
>
> the weak keys[0] authors clearly posit that they have detected merely
> the most obvious and readily accessible poor keys, and that further
> attacks against generator state could yield even more vulnerable
> pairs... you have been warned :P
>
> the solution is adding hw entropy[1][2] to the mix. anything less is
> doing it wrong!
>
> if you don't have hw entropy, adding dakarand is better than not.
Lots of people are using "haveged" already, it operates on a similar principle.
http://www.issihosts.com/haveged/
Ciao, Marcus
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/