Raghuram Belur wrote:

> I am wondering if it is possible to use some simple cross-platform
> [PRNG] on the client which is probably not too hard to guess and use
> a more robust mechanism such as an entropy gathering daemon on the
> server

You will have to be very careful.  For example, if you use ElGamal or
its variants, inadequate random numbers cause leakage of your long
term key.

I think you could make a workable scheme with RSA keys, though it
wouldn't work within the constraints of an established protocol like
TLS/SSL.

The first step in this protocol would be that the server would choose,
say, 128 random bits.  It would encrypt and sign these and send them
to the client.  The client would use them as the seed for a secure
PRNG.  The protocol would then proceed as normal.  Obviously the
client's random numbers would be completely predictable to the server,
but that would not help an attacker.

It is important that the PRNG seeds cannot be replayed to clients.
One way of stopping this would be to include a timestamp and the
identity of the client in the signed data.  The timestamp stops very
old seeds being replayed.  At the same time, the client will store
used seeds for a certain period; otherwise a seed might be accepted
erroneously if the client's clock was out of synchronisation with the
server's.

-- 
Pete
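The seed-delivery scheme sketched above, as an added worked example in Go (not code from this post and not OpenSSL's): the server draws 128 random bits, encrypts them to the client's RSA key and signs seed, timestamp and client identity; the client checks the identity and the timestamp window, decrypts, verifies the signature and refuses any seed it has already used. Everything beyond the post's description is an assumption: the names (SeedMessage, ServerIssueSeed, Client, AcceptSeed), the choice of RSA-OAEP for encryption and RSA-PSS over SHA-256 for the signature, the 5-minute clock-skew window and the client id "client-42".

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// SeedMessage: the seed encrypted to the client, plus the server's signature over (seed || timestamp || client identity).
type SeedMessage struct {
	EncSeed   []byte
	Timestamp int64 // Unix seconds on the server's clock
	ClientID  string
	Signature []byte
}

// signedPayload fixes the signed layout: 16 seed bytes, 8 timestamp bytes, then the identity.
func signedPayload(seed []byte, ts int64, clientID string) []byte {
	p := binary.BigEndian.AppendUint64(append([]byte{}, seed...), uint64(ts))
	return append(p, clientID...)
}

// ServerIssueSeed: 128 fresh bits, RSA-OAEP to the client, RSA-PSS over seed, timestamp and client id (assumed choices).
func ServerIssueSeed(serverKey *rsa.PrivateKey, clientPub *rsa.PublicKey, clientID string, now time.Time) (*SeedMessage, error) {
	seed := make([]byte, 16)
	rand.Read(seed) // crypto/rand fills the buffer fully; Go 1.24+ documents that it never returns an error
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, seed, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(signedPayload(seed, now.Unix(), clientID))
	sig, err := rsa.SignPSS(rand.Reader, serverKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &SeedMessage{EncSeed: enc, Timestamp: now.Unix(), ClientID: clientID, Signature: sig}, nil
}

// Client: its decryption key, the server's verification key, the clock-skew
// window, and a cache of seeds already accepted (keyed by SHA-256 of the seed).
type Client struct {
	ID        string
	Key       *rsa.PrivateKey
	ServerPub *rsa.PublicKey
	MaxAge    time.Duration
	seen      map[[32]byte]time.Time
}

// AcceptSeed applies the checks from the post and returns the seed that feeds
// the client's PRNG, or an error when the delivery must be refused.
func (c *Client) AcceptSeed(m *SeedMessage, now time.Time) ([]byte, error) {
	if m.ClientID != c.ID {
		return nil, errors.New("seed was issued for a different client")
	}
	// A symmetric window tolerates a client clock that runs a little fast or slow.
	if age := now.Sub(time.Unix(m.Timestamp, 0)); age > c.MaxAge || age < -c.MaxAge {
		return nil, errors.New("seed timestamp outside the acceptance window")
	}
	seed, err := rsa.DecryptOAEP(sha256.New(), nil, c.Key, m.EncSeed, nil)
	if err != nil {
		return nil, errors.New("seed does not decrypt")
	}
	digest := sha256.Sum256(signedPayload(seed, m.Timestamp, m.ClientID))
	if err := rsa.VerifyPSS(c.ServerPub, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return nil, errors.New("server signature does not verify")
	}
	// Inside the window the timestamp cannot tell a replay from a fresh delivery, so accepted seeds are kept for twice the window.
	if c.seen == nil {
		c.seen = map[[32]byte]time.Time{}
	}
	for h, at := range c.seen {
		if now.Sub(at) > 2*c.MaxAge {
			delete(c.seen, h)
		}
	}
	h := sha256.Sum256(seed)
	if _, dup := c.seen[h]; dup {
		return nil, errors.New("seed already used: replay refused")
	}
	c.seen[h] = now
	return seed, nil
}

func main() {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	clientKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	client := &Client{ID: "client-42", Key: clientKey, ServerPub: &serverKey.PublicKey, MaxAge: 5 * time.Minute}
	msg, _ := ServerIssueSeed(serverKey, &clientKey.PublicKey, "client-42", time.Now())
	seed, err := client.AcceptSeed(msg, time.Now())
	fmt.Printf("first delivery: seed=%x err=%v\n", seed, err)
	_, err = client.AcceptSeed(msg, time.Now()) // the same message delivered again
	fmt.Println("second delivery:", err)
}
```

The bytes AcceptSeed returns are what the client would feed into its own deterministic generator; as the post says, the server can predict that stream, but nobody without the client's private key or the server's signing key can produce a message the client will accept. The identity and timestamp are covered by the signature, so a seed issued to one client cannot be re-addressed to another, and the replay cache is retained for twice the skew window so that a seed still inside the window cannot be accepted a second time after a purge.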
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]