Re: [dsfjdssdfsd] specifying an RNG

Russ Housley <housley@vigilsec.com> Sun, 17 November 2013 00:19 UTC

Dan:

Random or pseudorandom?  Do you care?

Russ


On Nov 15, 2013, at 12:55 AM, Dan Harkins wrote:

> 
>  Hello, and welcome to the dsfjdssdfsd list!
> 
>  At the last IETF the question was asked, "what can we do to harden
> the Internet?" Given the recent news about Dual_EC_DRBG and the
> dopant attack against hardware RNGs one of the things that can be
> done is to have an open specification of a secure RNG. This would
> allow developers to have an alternative to relying solely on
> /dev/[u]random, a hardware RNG, an RNG specified by a large
> government-affiliated group to mix the uncorrelated sources of
> entropy they gather, or an RNG designed in an ad hoc manner by
> someone who thinks he knows what he's doing but probably
> doesn't.
> 
>  One of the things that would be nice to get out of this list is a
> specification on a strong RNG, in the form of a BCP or Informational
> RFC. This doesn't necessarily mean let's "roll our own" but perhaps
> there is best practice that can be specified.
> 
>  So, is there a model that defines what a "robust RNG" would look
> like? Is there a suitable candidate that exists already for such a thing?
> 
>  regards,
> 
>  Dan.