Hi,
I have a question re: generation of nonces.
From the line:

programs/pluto/crypt_ke.c:75: task->nonce = alloc_rnd_chunk(DEFAULT_NONCE_SIZE, "nonce");

I saw that this calls fill_rnd_chunk(chunk), which calls get_rnd_bytes(&rnd, sizeof(rnd)), which in turn calls PK11_GenerateRandom(buffer, length) from libnss.

I have cloned libnss, but I cannot figure out how PK11_GenerateRandom() works and whether it uses nonces from the TPM2 chip.

Obviously, it is not likely; as you use nonces from general-purpose random numbers, this is not going to be the case. But if PK11_GenerateRandom() uses TPM2 for random numbers, and it gives them from a limited space so that people and foreign governments wouldn't have perfect forward secrecy, the TPM2 chip could give RNG output from a rigged space that is much easier to crack by offline breaking on dedicated clusters.

Personally, I do not use encrypted emails at all, but things like typing passwords over open Wi-Fi networks require a reliable VPN that can be trusted.

How safe exactly are the NSS PK11_GenerateRandom() random numbers, and how random are they really? I read in the source that it is supposed to be FIPS-compliant.

How safe am I really if the Windows 11 implementation of VPN uses TPM2-generated nonces?

Thank you.
Best regards,
--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan