On Tue, Aug 29, 2017 at 02:52:10PM +0200, Thomas Schmitt wrote:
> Hi,
>
> Andy Smith wrote:
> > https://www.2uo.de/myths-about-urandom/#experts
>
> So it is about how Daniel Bernstein justifies his claim that it is
> wrong to say:
>
> "we can't figure out how to deterministically expand one 256-bit
> /dev/random output into an endless stream of unpredictable keys
> (this is what we need from urandom),"
>
> and right to conclude:
>
> "For a cryptographer this doesn't even pass the laugh test."
This is the specific use-case (generating keys) where you must use
/dev/random, "of course" ("of course" as in, that should hopefully by
now be obvious).
But most people never ever need to worry about this, only those
implementing "actually intended to be reasonably secure" crypto
software.
> How do cryptographers manage to get this miraculous growth of information
> if the only secret is the 256 bit of /dev/random output ?
They don't. You ought not use /dev/urandom for key generation, use
/dev/random instead.
> Why would i need more than 2 exp 256 tries to guess the whole stream ?
Exactly - you would not, but to get an idea of how long that would
take, work out this:
2^256 * $TIME_TO_CHECK_ONE_KEY_VALUE
Alternatively and perhaps more usefully if you are attempting to
actually calculate hardware requirements, multiply your number space
by the number of CPU cycles needed to "check one value" of your
number space.
> (I don't point out that this refers to /dev/random as source of
> /dev/urandom, because i assume that this is only rethorical to
> illustrate the more general question.
> Further i understand that Linux changes the key in the time range
> of minutes. This seems to be a much stronger precaution than
> just a single key.)
You are correct. But don't rely on a thing I say about all this - I
am not an authority on the code, nor the crypto, whatsoever ;)
> (And again, it's not about IT but about math. In practice 2 exp 256
> or 2 exp 384 are enormous numbers.
> Nevertheless, being sloppy in math can bite you in practice.)
Indeed :)
Cheers,
