On Thu, Dec 23, 2010 at 10:00 PM, Marsh Ray <ma...@extendedsubset.com> wrote: > ... >> how i stopped worrying and loved the backdoor > > Note that much of that is backed up by CVS history. > ... > For example, as he mentions in P2 the entropy pool extraction functions
intelligently constraining key space and / or leaking key bits is the Right Way (tm) to do a backdoor. it requires knowledge of the particulars to execute and provides more robustness than a class break / full key leak. i hear they've got clusters of key crackers for searching reasonable spaces ;) also, this may not be limited to entropy pool. it would make much sense to combine elements of hardware accelerated crypto drivers with entropy reduction or key leakage to target specific installations or further obfuscate effects, as mentioned in the thread so linked. (and you could be pretty precise with such key space degradation, if desired!) > I even pointed some of this out the other day on this thread: > http://marc.info/?l=openbsd-tech&m=129298665720095&w=2 > Perhaps the reaction speaks louder than words. "good entropy is hard", is the theme of that thread. how do you measure entropy? a few bytes and i've turned terabytes of entropy into simple order. the debian openssl weak key debacle underscores just how difficult and obscure such technicalities are in the face of random human failures. a well funded adversary with specific targets and significant skill would enjoy plentiful opportunity and success. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/