Jerry Leichter <leich...@lrw.com> writes:
> SSD's are complicated devices.

Complexity makes it hard to understand the security characteristics of relying on the timing of the devices.

> So ... use with extreme caution. Estimate conservatively. Mix any
> apparent entropy you get with other sources.

The longer I'm in this field, the more the phrase "use with extreme caution" seems to mean "don't use" to me. More and more, I think that if you don't have a really good way to test and get assurance about a component of your security architecture, you should leave that component out.

That's one reason I recommended "just use AES in counter mode" as the best way to generate random numbers in a low cost embedded context -- it is easy to get assurance simply by running AES validation tests, and you confine your risk to one easily examined part of the process, the key generator in the factory.

I'm reminded of Tony Hoare's old saw about systems: "There are two ways of constructing a software design: One way is to make it so simple there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies."

Perry
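A sketch of the "AES in counter mode" generator the message recommends, gated on a known-answer test. This is an added example, not code from the post: the function names are hypothetical, the cipher is a plain-Python AES-128 written for illustration, and the key passed in stands in for the factory-provisioned device key.

```python
# Added example: AES-128 counter-mode generator that refuses to run unless a known-answer test passes.
def _xt(a):  # multiply by x in GF(2^8), reduction polynomial 0x11B
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def _sbox():  # build the S-box from field inverses plus the affine transform
    s, p, q = [0x63] * 256, 1, 1
    while True:
        p ^= _xt(p)                                        # p = p * 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF   # q = q / 3
        if q & 0x80: q ^= 0x09
        s[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1: return s
S = _sbox()

def expand_key(key):  # 16-byte key -> 11 round keys of 16 bytes each
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [S[t[1]] ^ rcon, S[t[2]], S[t[3]], S[t[0]]]
            rcon = _xt(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [S[s[(5 * i) % 16]] for i in range(16)]        # SubBytes + ShiftRows
        if r < 10:                                         # MixColumns (not in last round)
            m = []
            for c in range(0, 16, 4):
                a = s[c:c + 4]; t = a[0] ^ a[1] ^ a[2] ^ a[3]
                m += [a[j] ^ t ^ _xt(a[j] ^ a[(j + 1) % 4]) for j in range(4)]
            s = m
        s = [b ^ k for b, k in zip(s, rk[r])]
    return bytes(s)

def self_test():  # FIPS-197 Appendix C.1 known-answer vector
    ct = encrypt_block(expand_key(bytes(range(16))), bytes.fromhex("00112233445566778899aabbccddeeff"))
    return ct.hex() == "69c4e0d86a7b0430d8cdb78070b4c55a"

def ctr_stream(key, counter=0):  # yields AES_key(counter), AES_key(counter + 1), ...
    if not self_test():
        raise RuntimeError("AES known-answer test failed; refusing to generate output")
    rk = expand_key(key)  # key: assumed to be the secret device key set at the factory
    while True:
        yield encrypt_block(rk, (counter % (1 << 128)).to_bytes(16, "big"))
        counter += 1
```

The output is only as unpredictable as the key, and the counter must never repeat under the same key, so a device would need to persist it across restarts.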