Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random

Dean Anderson <dean@av8.com> Mon, 26 April 2010 20:21 UTC

Return-Path: <dean@av8.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 04D9428C16A; Mon, 26 Apr 2010 13:21:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.687
X-Spam-Level:
X-Spam-Status: No, score=-0.687 tagged_above=-999 required=5 tests=[AWL=-0.502, BAYES_40=-0.185]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4wRJeD6-ylDy; Mon, 26 Apr 2010 13:21:51 -0700 (PDT)
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) by core3.amsl.com (Postfix) with ESMTP id 9C22528C15F; Mon, 26 Apr 2010 13:21:20 -0700 (PDT)
Received: from citation2.av8.net (citation2.av8.net [130.105.12.10]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id o3QKL6Le007131 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 26 Apr 2010 16:21:06 -0400
Date: Mon, 26 Apr 2010 16:21:05 -0400
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: Marsh Ray <marsh@extendedsubset.com>
In-Reply-To: <4BD5E3BD.2030605@extendedsubset.com>
Message-ID: <Pine.LNX.4.44.1004261606250.14419-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, ietf@ietf.org, tls@ietf.org
Subject: Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Apr 2010 20:21:53 -0000

On Mon, 26 Apr 2010, Marsh Ray wrote:
> http://tools.ietf.org/html/rfc2246 :
> > 7.4.1.2. Client hello
> > 
> > [...]
> >
> >    random_bytes
> >        28 bytes generated by a secure random number generator.
> 
> Not pseudorandom, "generated by a secure random number generator".

Unfortunately, my CRC handbook is packed up at the moment. I think 
this is right: From
http://www.sunny-beach.net/random_numbers/manual/173.htm

   1. The random numbers should pass statistical tests of randomness.
   2. It should be difficult to predict the output of the random number 
generator from observing some previous outputs of the random number 
generator.
   3. It should be difficult to create the same operating conditions as 
the random generator and then duplicate previously produced output.


Most implementations use a PRNG with hopefully these properties.  I just
read an article on phase-space analysis that shows that many PRNG's that
pass (1) above actually fail at (2) and (3).

Most people don't have access to truly random numbers.  PC's and most
computers don't even have the capability to even get truly random
numbers without some kind of extra hardware.

So where are these non-pseudo, truly secure random numbers going to come
from? I think Nowhere, they don't usually exist in practice, except
maybe at the NSA.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494