Re: [dsfjdssdfsd] Discussion: Malicious Entropy Attacks: Eggs, and Baskets

Krisztián Pintér, Sat, 15 March 2014 15:50 UTC

List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086."

Arnold Reinhold (at Friday, March 14, 2014, 5:20:56 PM):
> Here are some scenarios where recovery from a state compromise would be important:
> o A bug in system software that exposes PRNG state only rarely
> o An attack that exposes PRNG state in a system that is well
> guarded against covert channels, limiting undetected outbound messages to a very low bit rate

And these are the attacks about which djb says: your system is broken.
Don't patch it, fix it. If such attacks could be carried out, session
keys or long-term keys might have been compromised. Recovering your
PRNG won't help with that; the damage has been done.

It is not the way, to reduce the chance of any attack by a small
factor; let the factor be 100, or even a million, it is still small.
What we want is systems that are reliable and safe. And if our system
is safe, we don't need reseeding.
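To make the two positions in this exchange concrete, here is an added simulation that is not part of the thread: a toy HMAC-based generator (an assumption of mine, modelled loosely on HMAC_DRBG and not a standards-compliant implementation) whose state leaks once, followed by a reseed with fresh entropy. The attacker predicts every session key minted between the leak and the reseed (the damage Pintér describes), and loses the stream only after the reseed (the recovery Reinhold argues for).

```python
import hashlib
import hmac
import os

class ToyHmacPrng:
    # Simplified HMAC-based generator with (K, V) state; modelled loosely on
    # HMAC_DRBG but NOT a standards-compliant implementation (assumption).
    def __init__(self, seed):
        self.k, self.v = b"\x00" * 32, b"\x01" * 32
        self._update(seed)

    def _update(self, data):
        # Mix new input (possibly empty) into K and V.
        self.k = hmac.new(self.k, self.v + b"\x00" + data, hashlib.sha256).digest()
        self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()
        if data:
            self.k = hmac.new(self.k, self.v + b"\x01" + data, hashlib.sha256).digest()
            self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()

    def reseed(self, entropy):
        # Recovery step: fresh entropy makes the state unknown to the attacker again.
        self._update(entropy)

    def generate(self, nbytes=32):
        out = b""
        while len(out) < nbytes:
            self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()
            out += self.v
        self._update(b"")  # old state is not derivable from the new one
        return out[:nbytes]

    def clone(self):
        # An attacker who reads (K, V) once gets exactly this.
        other = ToyHmacPrng.__new__(ToyHmacPrng)
        other.k, other.v = self.k, self.v
        return other

def simulate_state_compromise(keys_before_reseed=3, keys_after_reseed=3):
    # Per session key: does the attacker predict it? Keys minted between the
    # leak and the reseed are lost no matter what happens afterwards.
    victim = ToyHmacPrng(os.urandom(32))
    victim.generate()                      # normal use before the leak
    attacker = victim.clone()              # the rare, one-time state exposure
    predicted = []
    for _ in range(keys_before_reseed):
        predicted.append(victim.generate() == attacker.generate())
    victim.reseed(os.urandom(32))          # recovery: fresh entropy mixed in
    for _ in range(keys_after_reseed):
        predicted.append(victim.generate() == attacker.generate())
    return predicted
```

Running `simulate_state_compromise()` gives three predicted keys followed by three unpredictable ones; reseeding shortens the window but cannot un-leak the keys already issued.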