Re: depleting the random number generator -- repeated state

1999-07-31 Thread Eugene Leitl
David Honig writes: > One of the many uses of nitric acid. Ie, take random samples I thought this is mostly done by removing the bulk of the package polymer by grinding, and then subjecting the rest of it to a plasma etch. I haven't put a processed wafer into nitric acid yet, but I could imag

Re: depleting the random number generator -- repeated state

1999-07-31 Thread David Honig
At 04:00 PM 7/30/99 -0700, Eugene Leitl wrote: >David Honig writes: > > > One of the many uses of nitric acid. Ie, take random samples > >I thought this is mostly done by removing the bulk of the package >polymer by grinding, and then subjecting the rest of it to a plasma >etch. I believe Marcus

Re: depleting the random number generator -- repeated state

1999-07-31 Thread David Honig
At 03:34 PM 7/29/99 -0700, Eugene Leitl wrote: >Of course one would have to believe the CPU designer that it is true >noise, and not pseudorandom. One of the many uses of nitric acid. Ie, take random samples apart and look at them. There are commercial places that will do the lab work for you.

Re: depleting the random number generator -- repeated state

1999-07-29 Thread Eugene Leitl
It would seem to be an excellent idea indeed to incorporate a register which gets filled with fresh entropy (from amplified circuit noise, for instance) at every clock tick into the CPU directly, particularly if it is to be used for embedded crypto gadgets. Of course one would have to believe th

Re: depleting the random number generator -- repeated state

1999-07-28 Thread Arnold G. Reinhold
At 2:51 PM -0400 7/28/99, Steven M. Bellovin wrote: >In message , "Arnold G. Reinhold" >writes >> I'd spin it the other way. The best approach to making nonces -- DH >> exponents, symetric keys, etc -- is to use a true source of randomness. >> That eliminates

Re: depleting the random number generator -- repeated state

1999-07-28 Thread bram
On Wed, 28 Jul 1999, Jon Callas wrote: > I never directly add in entropy > deposits. I run a separate entropy pool that is hash-based, and > periodically tap that pool to update the secondary pool. I get really > nervous about adding entropy directly into a single pool. I also like to > capitaliz

Re: depleting the random number generator -- repeated state

1999-07-28 Thread Steven M. Bellovin
In message , "Arnold G. Reinhold" writes : > > I'd spin it the other way. The best approach to making nonces -- DH > exponents, symetric keys, etc -- is to use a true source of randomness. > That eliminates one area of risk. However most computers do not co

Re: depleting the random number generator -- repeated state

1999-07-28 Thread Jon Callas
At 10:49 AM -0400 7/28/99, Arnold G. Reinhold wrote: I believe the input mechanism Anonymous described *is* the RC4 key setup mechanism. In any case, I take Anonymous' remarks about the brittle nature of RC4 very seriously. I wouldn't mess with it just to double the entropy pool. If y

Re: depleting the random number generator -- repeated state

1999-07-28 Thread Arnold G. Reinhold
At 9:45 AM -0700 7/28/99, bram wrote: >On Tue, 27 Jul 1999, Eugene Leitl wrote: > >> So what's the magic with the entropy pool? Because current algorithms >> don't have enough state, and because the hidden structure of their >> pseudorandomness starts shining through after a while? > >The idea is

Re: depleting the random number generator -- repeated state

1999-07-28 Thread bram
On Tue, 27 Jul 1999, Eugene Leitl wrote: > So what's the magic with the entropy pool? Because current algorithms > don't have enough state, and because the hidden structure of their > pseudorandomness starts shining through after a while? The idea is to make it so that if there is a failure, and

Re: depleting the random number generator -- repeated state

1999-07-28 Thread Arnold G. Reinhold
At 3:22 PM -0700 7/27/99, Jon Callas wrote: >I built a PRNG that used an RC4 variant as John Kelsey said. The thing is >also actually very Yarrow-like. I modified it later to use a state array >512 long instead of 256 long, just so it would have a larger entropy pool. > >When I added more entropy,

Re: depleting the random number generator -- repeated state

1999-07-28 Thread Eugene Leitl
Jon Callas writes: > I'll also note that the state-loop that Anonymous described can easily be > detected and corrected. Given that this is a PRNG, not a cipher, > predictability is not a requirement (although you can algorithmically > correct in a way that will still make it a cipher). I do

Re: depleting the random number generator -- repeated state

1999-07-27 Thread Jon Callas
I built a PRNG that used an RC4 variant as John Kelsey said. The thing is also actually very Yarrow-like. I modified it later to use a state array 512 long instead of 256 long, just so it would have a larger entropy pool. When I added more entropy, I added entropy using the same basic algorithm a

Re: depleting the random number generator -- repeated state

1999-07-27 Thread Arnold G. Reinhold
At 12:19 AM -0700 7/27/99, James A. Donald wrote: >-- >At 08:44 PM 7/26/99 +0200, Anonymous wrote: >> Even aside from active attacks, there is a possible problem based on >> the fact that RC4 can "almost" fall into a repeated-state situation. >> RC4's basic iteration looks like: >> >> (1) i +