Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Patrick Pelletier <code@funwithsoftware.org> Mon, 23 September 2013 04:16 UTC

Message-ID: <523FC097.1070503@funwithsoftware.org>
Date: Sun, 22 Sep 2013 21:16:23 -0700
From: Patrick Pelletier <code@funwithsoftware.org>
To: Ralph Holz <holz@net.in.tum.de>
References: <9A043F3CF02CD34C8E74AC1594475C735567407D@uxcn10-6.UoA.auckland.ac.nz> <A3161699-0975-403C-B9C1-8BE548062949@mac.com> <523DA10F.7010308@stroeder.com> <523EEAC2.7010707@net.in.tum.de>
In-Reply-To: <523EEAC2.7010707@net.in.tum.de>
Cc: "TLS@ietf.org \(tls@ietf.org\)" <tls@ietf.org>
Subject: Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

On 9/22/13 6:04 AM, Ralph Holz wrote:

> I am still undecided on this issue. Heninger et al. have shown last year
> what can happen if you have poor entropy in your devices, and they also
> gave advice that programmers should not use the non-blocking RNG on
> Linux devices. Won't keep programmers from doing it. Similarly, I remain
> doubtful about EC implementations.

Possibly off-topic for TLS list, but: I don't think the answer is quite 
as simple as "use /dev/random" instead of "/dev/urandom".  The issue is 
only at boot time.  Once the system has been seeded with sufficient 
entropy, /dev/urandom is fine, because the entropy doesn't actually get 
"used up."  Search for "crying wolf" in the Heninger paper.

Perhaps the answer is to check the uptime, and use /dev/random if the 
system has been up for less than 3 (or 5, or something) minutes, and use 
/dev/urandom otherwise.

This has been discussed extensively in the "random vs urandom" thread on 
the randombit cryptography list last month.

--Patrick
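The uptime-gated source selection Patrick floats above, written out as an added illustration (not code from the post, nor from any implementation discussed in the thread). It assumes a Linux system with /proc/uptime, /dev/random and /dev/urandom, and uses the 3-minute figure from the message as a constructed threshold:

```python
"""Choose the kernel entropy device based on time since boot.

Added example, not from the original message. Assumes Linux device paths.
The 3-minute threshold is the figure suggested in the message, not a
measured value.
"""
import os

DEFAULT_THRESHOLD_SECONDS = 3 * 60  # "3 (or 5, or something) minutes"


def parse_proc_uptime(text):
    """Return seconds since boot from the contents of /proc/uptime.

    /proc/uptime holds two floats, uptime and idle time, e.g. "350.91 1403.47".
    """
    fields = text.split()
    if not fields:
        raise ValueError("empty /proc/uptime contents")
    uptime = float(fields[0])
    if uptime < 0:
        raise ValueError("negative uptime")
    return uptime


def choose_entropy_source(uptime_seconds, threshold=DEFAULT_THRESHOLD_SECONDS):
    """Blocking device shortly after boot, non-blocking device once seeded."""
    return "/dev/random" if uptime_seconds < threshold else "/dev/urandom"


def read_exact(path, nbytes):
    """Read exactly nbytes, looping because /dev/random returns short reads
    while it waits for the input pool to refill."""
    chunks = []
    remaining = nbytes
    fd = os.open(path, os.O_RDONLY)
    try:
        while remaining > 0:
            chunk = os.read(fd, remaining)
            if not chunk:
                raise OSError("unexpected EOF from %s" % path)
            chunks.append(chunk)
            remaining -= len(chunk)
    finally:
        os.close(fd)
    return b"".join(chunks)


def random_bytes(nbytes, threshold=DEFAULT_THRESHOLD_SECONDS):
    """Generate nbytes from the device selected by the current uptime."""
    with open("/proc/uptime") as f:
        uptime = parse_proc_uptime(f.read())
    return read_exact(choose_entropy_source(uptime, threshold), nbytes)
```

On Linux 3.17 and later the getrandom(2) system call (os.getrandom in Python 3.6+) provides the same policy directly: it blocks only until the pool has been initialized once and is non-blocking afterwards, so the uptime heuristic is only needed where that call is unavailable.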