Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random
Dean Anderson <dean@av8.com> Mon, 26 April 2010 20:21 UTC
Return-Path: <dean@av8.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 04D9428C16A; Mon, 26 Apr 2010 13:21:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.687
X-Spam-Level:
X-Spam-Status: No, score=-0.687 tagged_above=-999 required=5 tests=[AWL=-0.502, BAYES_40=-0.185]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4wRJeD6-ylDy; Mon, 26 Apr 2010 13:21:51 -0700 (PDT)
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) by core3.amsl.com (Postfix) with ESMTP id 9C22528C15F; Mon, 26 Apr 2010 13:21:20 -0700 (PDT)
Received: from citation2.av8.net (citation2.av8.net [130.105.12.10]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id o3QKL6Le007131 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 26 Apr 2010 16:21:06 -0400
Date: Mon, 26 Apr 2010 16:21:05 -0400
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: Marsh Ray <marsh@extendedsubset.com>
In-Reply-To: <4BD5E3BD.2030605@extendedsubset.com>
Message-ID: <Pine.LNX.4.44.1004261606250.14419-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, ietf@ietf.org, tls@ietf.org
Subject: Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Apr 2010 20:21:53 -0000
On Mon, 26 Apr 2010, Marsh Ray wrote: > http://tools.ietf.org/html/rfc2246 : > > 7.4.1.2. Client hello > > > > [...] > > > > random_bytes > > 28 bytes generated by a secure random number generator. > > Not pseudorandom, "generated by a secure random number generator". Unfortunately, my CRC handbook is packed up at the moment. I think this is right: From http://www.sunny-beach.net/random_numbers/manual/173.htm 1. The random numbers should pass statistical tests of randomness. 2. It should be difficult to predict the output of the random number generator from observing some previous outputs of the random number generator. 3. It should be difficult to create the same operating conditions as the random generator and then duplicate previously produced output. Most implementations use a PRNG with hopefully these properties. I just read an article on phase-space analysis that shows that many PRNG's that pass (1) above actually fail at (2) and (3). Most people don't have access to truly random numbers. PC's and most computers don't even have the capability to even get truly random numbers without some kind of extra hardware. So where are these non-pseudo, truly secure random numbers going to come from? I think Nowhere, they don't usually exist in practice, except maybe at the NSA. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 256 5494
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Paul Hoffman
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Simon Josefsson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Russ Housley
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Paul Hoffman
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Paul Hoffman
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Simon Josefsson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Simon Josefsson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Martin Rex
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Michael D'Errico
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Kemp, David P.
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- [TLS] RNG vs. PRNG Michael D'Errico
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Kemp, David P.
- Re: [TLS] RNG vs. PRNG Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Nicolas Williams
- Re: [TLS] RNG vs. PRNG Martin Rex
- Re: [TLS] RNG vs. PRNG Martin Rex
- Re: [TLS] RNG vs. PRNG Marsh Ray
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Dean Anderson
- Re: [TLS] Last Call: draft-hoffman-tls-additional… Sean Turner