On the question of what to do if we can't be sure the saved seed file won't be reused: Stir in the date and time and anything else that might vary - even if it's readily guessable/detectable - along with the seed file. This adds minimal entropy, but detecting that a seed file has been re-used will be quite challenging. A directed attack can probably succeed, but if you consider the case of a large number of nodes that reboot here and there and that, at random and not too often, re-use a seed file, then detecting those reboots with stale seed files seems like a rather hard problem. (Detecting them *quickly* will be even harder, so active attacks - as opposed to passive attacks that can be made on recorded data - will probably be out of the question.)

I wouldn't recommend this for high-value security, but then if you're dealing with high-value information, there's really no excuse for not having and using a source of true random bits.
                                                        -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
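A worked illustration of the stirring Jerry describes, added here as an example and not code from the post or the list. It uses a toy HMAC-SHA256 counter generator as a stand-in for whatever PRNG the seed file feeds; the seed file bytes, hostname and boot time are constructed for the demonstration. It shows both halves of the argument: two boots from the same stale seed file replay an identical output stream when nothing is stirred in (trivially detectable by a passive observer with recorded data), while stirring in the boot time and hostname makes the streams differ; and, because the stirred-in values are guessable, an attacker who has obtained the seed file and one observed output block recovers the state by brute-forcing the timestamp over a modest window.

```python
import hashlib
import hmac

# Constructed sample inputs for the demonstration (not real key material).
SEED_FILE = hashlib.sha256(b"constructed seed file").digest()  # stand-in for the saved seed
HOSTNAME = b"node-17"            # public, but varies between nodes
BOOT_TIME = 1_700_000_000        # seconds since the epoch at this reboot (guessable)


def stir_seed(seed_file, *extras):
    """Hash the saved seed file together with whatever varies at boot.

    Every field is length-prefixed so that field boundaries are unambiguous.
    """
    h = hashlib.sha256()
    for field in (seed_file,) + extras:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def prng_output(seed, n_blocks):
    """Toy deterministic generator: block i = HMAC-SHA256(seed, i).

    Stands in for whatever PRNG the seed file feeds; it is not a DRBG design.
    """
    return [hmac.new(seed, i.to_bytes(8, "big"), hashlib.sha256).digest()
            for i in range(n_blocks)]


def boot(seed_file, boot_time=None, hostname=b"", n_blocks=4):
    """Simulate one reboot that reseeds from the (possibly stale) seed file.

    With boot_time=None nothing is stirred in, so a reused file replays the
    same output stream.  Otherwise the time and hostname are stirred in.
    """
    if boot_time is None:
        seed = stir_seed(seed_file)
    else:
        seed = stir_seed(seed_file, boot_time.to_bytes(8, "big"), hostname)
    return prng_output(seed, n_blocks)


def streams_repeat(stream_a, stream_b):
    """Passive detection: does the output of two boots coincide?"""
    return stream_a == stream_b


def brute_force_boot_time(seed_file, hostname, observed_block, t_lo, t_hi):
    """Directed attack: an attacker who holds the seed file and one observed
    output block guesses the boot time over a window of candidate values.
    Returns the recovered timestamp, or None if it lies outside the window."""
    for t in range(t_lo, t_hi):
        seed = stir_seed(seed_file, t.to_bytes(8, "big"), hostname)
        if prng_output(seed, 1)[0] == observed_block:
            return t
    return None


if __name__ == "__main__":
    # Two reboots from the same stale seed file, nothing stirred in.
    plain_a, plain_b = boot(SEED_FILE), boot(SEED_FILE)
    print("no stirring, streams repeat:", streams_repeat(plain_a, plain_b))

    # Same stale file, but time and hostname stirred in: streams differ.
    stirred_a = boot(SEED_FILE, BOOT_TIME, HOSTNAME)
    stirred_b = boot(SEED_FILE, BOOT_TIME + 1, HOSTNAME)
    print("stirring, streams repeat:", streams_repeat(stirred_a, stirred_b))

    # An attacker holding the seed file still recovers the state by guessing
    # the timestamp; a day-wide window is only about 2^17 HMAC evaluations.
    t = brute_force_boot_time(SEED_FILE, HOSTNAME, stirred_a[0],
                              BOOT_TIME - 43_200, BOOT_TIME + 43_200)
    print("recovered boot time:", t, "(correct)" if t == BOOT_TIME else "(not found)")
```

The brute-force loop is the caveat in numbers: the stirred-in fields only cost the attacker as many guesses as they have plausible values, so this raises the bar for an observer who does not already have the seed file, not for one who does.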