Re: [dsfjdssdfsd] Should secure RNGs be a MUST?
Alyssa Rowan <akr@akr.io> Tue, 11 March 2014 18:28 UTC
Return-Path: <akr@akr.io>
X-Original-To: dsfjdssdfsd@ietfa.amsl.com
Delivered-To: dsfjdssdfsd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89D8F1A0794 for <dsfjdssdfsd@ietfa.amsl.com>; Tue, 11 Mar 2014 11:28:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UERNRz0dbA0u for <dsfjdssdfsd@ietfa.amsl.com>; Tue, 11 Mar 2014 11:28:49 -0700 (PDT)
Received: from entima.net (entima.net [78.129.143.175]) by ietfa.amsl.com (Postfix) with ESMTP id A6AA21A0792 for <dsfjdssdfsd@ietf.org>; Tue, 11 Mar 2014 11:28:49 -0700 (PDT)
Received: from [10.10.42.10] (cpc5-derb12-2-0-cust796.8-3.cable.virginm.net [82.31.91.29]) by entima.net (Postfix) with ESMTPSA id D104B60ABA for <dsfjdssdfsd@ietf.org>; Tue, 11 Mar 2014 18:28:42 +0000 (GMT)
Message-ID: <531F5573.1050905@akr.io>
Date: Tue, 11 Mar 2014 18:26:59 +0000
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: dsfjdssdfsd@ietf.org
References: <810C31990B57ED40B2062BA10D43FBF5C523AD@XMB116CNC.rim.net>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF5C523AD@XMB116CNC.rim.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dsfjdssdfsd/68C1hh1vo05zTUEa5qvuYfahgq8
Subject: Re: [dsfjdssdfsd] Should secure RNGs be a MUST?
X-BeenThere: dsfjdssdfsd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <dsfjdssdfsd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dsfjdssdfsd/>
List-Post: <mailto:dsfjdssdfsd@ietf.org>
List-Help: <mailto:dsfjdssdfsd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Mar 2014 18:28:53 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/03/2014 17:08, Dan Brown wrote: > So, I am not totally sure about the question of whether secure > RNGs should be a MUST. I wonder what others think. Given this list exists, I'd say yes: going forward, they MUST be. <g> Regarding your counterargument: I think security considerations warrant MUST. I think secure RNGs really need to be considered a vital component to analyse. They have clearly been considered a vital component to attack: and no wonder. Insecure RNGs introduce major unexpected problems, including predictable keys and key leakage, in protocols which rely on secure RNGs to satisfy their security requirements. But they can be subtle, and hard to verify. We should consider how robust protocols may be if those requirements are not met, and generally prefer (as a "safety net") protocols which do not fail catastrophically if the RNG is weak, if a practical alternative exists. But it's perfectly reasonable I think to also specify at the same time that the RNG MUST be strong and if it isn't, you're doing it wrong. We know really vital problems have existed in implementations. Someone should figure out what any further problems may be; look for them; find them; fix them; disclose them. (Not necessarily in that order.) It seems that in many cases, this hasn't happened. (Maybe everyone thought it was someone else's problem.) It needs to. It doesn't matter so much whose problems they are: as you correctly say, an insecure implementation would not be securely interoperable even with a secure one. While a bad RNG is in the wild, it could be everyone's problem: I think we need to do what we can to avoid that. - -- /akr -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTH1VzAAoJEOyEjtkWi2t6nBsP/0CqWHtgs7WBXQto5lD+pFTE 8Uh7Nkoc7Kiy6VBadGEb7irR4+gfLhxJboAbJO3cUfqJDuEHczkTZLhiM2PV1FFS zHycQv8JwGs1EM2OUEX607jQgnV+3Jy/c+LTTGZJLCSEGXnvgD+BwQ7wlOfqvQq4 kWGsAe54VhvKGCb944H+pqTSeTZbCEUpTOQBaQoNl2JUAKwXY0QVk10o5dRV1bJt xXirhmV+sNVpCkcg7ExL8GkOcxQ9RLWIVAMzaAqwqH/FHK4FmLLGNWjuwePThpG/ AbngohDsei7YOecMkwkcB1+14XdgAnGxfnNMXq6eslQi9XhGrF24gEQBI8JJzJ6d EqwrJGCRP7PVkJdAvufwgAiiP3hUURGFHjMuNZmFb7XGLO/Yeu2xKmT6Z4CsIk6j W1bOP7MPJsztprFQC2qtOgzV5qbsEia0/6LiXnpQRn8Zz8LkJNjpLlgzr3xsDwLj pLkglDVZf3HIKzIk6DuY1dAN6zcgpCS2xMa1PDyZJAS6QNXPg1Tuq2IkMSgwPt3F 165pALuohuWk5AL+UQsu4KgSTmHYFUl9EX5nRNgMiaNwM0NNJF37VexFIyHzc04i NlTHe4pW1vo4ngeIss07fN8/cS5X4ymYpmiobbi1KBjrDkUestZpFCOR1MjdGfs9 RyY8FgwLznkNiBYuLYLc =sHBQ -----END PGP SIGNATURE-----
- Re: [dsfjdssdfsd] Should secure RNGs be a MUST? Dan Brown
- [dsfjdssdfsd] Should secure RNGs be a MUST? Dan Brown
- Re: [dsfjdssdfsd] Should secure RNGs be a MUST? Alyssa Rowan
- Re: [dsfjdssdfsd] Should secure RNGs be a MUST? Alyssa Rowan
- Re: [dsfjdssdfsd] Should secure RNGs be a MUST? dan
- Re: [dsfjdssdfsd] Should secure RNGs be a MUST? Stephen Farrell
- Re: [dsfjdssdfsd] Should secure RNGs be a MUST? Sandy Harris