Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random

Dean Anderson <> Wed, 28 April 2010 12:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4D5393A6895; Wed, 28 Apr 2010 05:59:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.611
X-Spam-Status: No, score=-0.611 tagged_above=-999 required=5 tests=[AWL=-0.612, BAYES_50=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8ByGp-+ejB4o; Wed, 28 Apr 2010 05:59:06 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 01A903A6BE5; Wed, 28 Apr 2010 05:59:05 -0700 (PDT)
Received: from ( []) (authenticated bits=0) by (8.12.11/8.12.11) with ESMTP id o3SCwpbe016672 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 28 Apr 2010 08:58:51 -0400
Date: Wed, 28 Apr 2010 08:58:50 -0400 (EDT)
From: Dean Anderson <>
To: "Kemp, David P." <>
In-Reply-To: <>
Message-ID: <>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 28 Apr 2010 12:59:07 -0000

The 'entropy pool' of /dev/random in Linux isn't really random. Its
based on keyboard input and possibly other semi-random or entirely
predictable sources.

The 3 criteria are for PRNGs. I don't dispute that /dev/random meets
these criteria; only the assertion that its better than a PRNG or that
its truly random.

It fails to be truly random by depending on non-random processes that
could be identified and predicted and/or manipulated by an attacker.  I
suggest you read resources on creating one-time pads. Its very, very
hard to get truly random numbers, and without truly random numbers, your
one-time pad will fail to be 'one-time'.  There is anecdote (I don't
know if it actually happened) of a one-time pad created by rolling dice
being compromised.


On Tue, 27 Apr 2010, Kemp, David P. wrote:

> I'm not sure why an entropy pool would not be considered "truly random"
> by any of the three criteria you cited.  If there is insufficient
> physically-generated entropy (such as on an appliance with no hard
> drives, no user timing input, and all other sources observable or
> predictable) then the process is not applicable - it cannot create
> entropy by magic.
> But by what criteria would it fail to be truly random (albeit at a much
> lower rate than dedicated hardware) on an uncompromised user desktop?
> Dave
> -----Original Message-----
> From: Dean Anderson [] 
> Sent: Tuesday, April 27, 2010 6:25 AM
> To: Kemp, David P.
> Cc:;
> Subject: Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext
> (Additional Random
> >
> The link you cite above is an example of the extra hardware that most
> people don't have.
> >
> The link you cite above isn't a truly random number generator.
> 		--Dean

Av8 Internet   Prepared to pay a premium for better service?         faster, more reliable, better service
617 256 5494