Re: [dsfjdssdfsd] Discussion: Malicious Entropy Attacks: Eggs, and Baskets

Arnold Reinhold <> Tue, 18 March 2014 20:57 UTC

List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <>

On Mar 17, 2014, at 10:39 PM, wrote:

> On Mon, Mar 17, 2014 at 08:43:36PM -0400, Arnold Reinhold wrote:
>> 2. The personal privacy threat model, which fears the mass
>> surveillance society, doesn’t trust corporate vendors and certifying
>> bodies, and considers state actors principal threats. I’d put
>> Bitcoin and the like here.
> ... and this also needs to be separated into the "proof against a
> targeted attack" and "protect against mass surveillance".
> There's a big difference between NSA or FBI cutting a deal with AT&T
> so that they get to put a Carnivore style keyword monitoring device
> in a telephone closet at a fiber exchange point, and the FBI deciding
> to park a Tempest van outside of your house.
> Cheers,
> - Ted

What used to require a Tempest van today probably fits in a briefcase or even a shirt pocket. And the hardware, in terms of wide band digitizing and signal processing, is now widely available and inexpensive.

The targeted attack vs mass surveillance/war driving/bang-on-every-exposed-port model should be another dimension to the threat model, but the former shouldn’t be ignored.  Trillions of dollars already flow through financial systems daily and the Internet of Things is just getting started. There will be ever more high value systems to attack, and increasingly sophisticated evil-doers with the means to go after them. (My nightmare sees drug cartels wishing to develop new revenue streams to replace market share lost to legalization and following Sutton’s Law in its most literal sense.)

Before eliminating any capability, such as rapid recovery from PRNG state compromise, based on a claim that the requirement is unreasonable under the threat models being addressed, those threat models (and the claim) should be made fully explicit and subjected to review like any other aspect of the proposed standard.

Arnold Reinhold