lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJVRA1TNyTZgrp_z0LMFsX5GqLnRmB2ufVvJyNHDfMr1_O5SCQ@mail.gmail.com>
Date: Sat, 18 Aug 2012 16:00:20 -0700
From: coderman <coderman@...il.com>
To: Dan Kaminsky <dan@...para.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: how i stopped worrying and loved the backdoor

Dan just released "DakaRand"
  http://dankaminsky.com/2012/08/15/dakarand/

src http://s3.amazonaws.com/dmk/dakarand-1.0.tgz

while admitting that "Matt Blaze has essentially disowned this
approach, and seems to be honestly horrified that I’m revisiting it"
and "Let me be the first to say, I don’t know that this works." this
mode would greatly reduce, maybe eliminate the incidence of key
duplication in large sample sets (e.g. visibly poor entropy for key
generation)

the weak keys[0] authors clearly posit that they have detected merely
the most obvious and readily accessible poor keys, and that further
attacks against generator state could yield even more vulnerable
pairs... you have been warned :P

the solution is adding hw entropy[1][2] to the mix. anything less is
doing it wrong!

if you don't have hw entropy, adding dakarand is better than not.

0. "Mining Your Ps and Qs: Detection of Widespread Weak Keys in
Network Devices - Extended"
  https://factorable.net/weakkeys12.extended.pdf

1. "Intel RNG"
  http://lists.randombit.net/pipermail/cryptography/2012-June/002995.html
 see also by thread:
http://lists.randombit.net/pipermail/cryptography/2012-June/thread.html#2995

2. xstore
 http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/rng_prog_guide.pdf

X. LD 50 radiation exposure of the common pigeon. entropy via carrier
pigeon (DRAFT)
 ;P

P.P.S: if you're not passing valid hw entropy into VM guests, you're
also doing it wrong. even enough passed at boot is sufficient,
provided key generation is secure. always a million caveats... and
adding dakarand to guests is better than not.


On Wed, Jul 18, 2012 at 12:35 PM, coderman <coderman@...il.com> wrote:
> On Fri, Dec 24, 2010 at 5:08 PM, Dan Kaminsky <dan@...para.com> wrote:
>> ...
>> Don't we have hardware RNG in most motherboard chipsets nowadays?
>
> clearly not enough of them!
>
> 'Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices'
> https://factorable.net/weakkeys12.extended.pdf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ