Re: [TLS] 32 byte randoms in TLS1.3 hello's

Colm MacCárthaigh <colm@allcosts.net> Wed, 26 July 2017 19:46 UTC

To: mrex@sap.com
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rWVCo0Pw4dt4e4VHYbx_KQQUPhQ>

On Wed, Jul 26, 2017 at 11:58 AM, Martin Rex <mrex@sap.com> wrote:

> With RDRAND, you would use e.g. SHA-256 to compress 10*256 = 2560 Bits of
> a black-box CPRNG output into a 256-bit _new_ output that you
> actually use in communication protocols.
>

If the relation between the RDRAND input and the output of your function is
fixed, then your attacker can just do the same thing. It doesn't help at
all really. You have to mix RDRAND with something else that is unknowable
to the attacker as part of the process.

-- 
Colm
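The argument above, as an added illustration that is not part of the original thread: a black-box CPRNG whose internal state the attacker knows is modelled (by assumption) as a keyed SHA-256 counter yielding 256-bit blocks, the "compress 2560 bits with SHA-256" step is applied with and without an extra local secret, and the attacker's reconstruction is compared against the victim's value. The local secret comes from `os.urandom`; all inputs are constructed for the example.

```python
import hashlib
import os

BLOCKS = 10           # 10 x 256-bit outputs, as in the quoted proposal
BLOCK_BYTES = 32      # each modelled RDRAND block is 256 bits


def compromised_rdrand(state: bytes, n: int) -> bytes:
    """Constructed model of a black-box CPRNG whose state the attacker
    knows: each block is SHA-256(state || counter). Anyone holding
    `state` reproduces the stream exactly."""
    out = b""
    for i in range(n):
        out += hashlib.sha256(state + i.to_bytes(4, "big")).digest()
    return out


def compress_only(rdrand_output: bytes) -> bytes:
    """The quoted scheme: a fixed function of RDRAND output alone."""
    return hashlib.sha256(rdrand_output).digest()


def mix(rdrand_output: bytes, local_secret: bytes) -> bytes:
    """Fold in material the attacker cannot observe (here OS entropy)."""
    return hashlib.sha256(rdrand_output + local_secret).digest()


def demo() -> tuple:
    """Returns (fixed_scheme_predicted, mixed_scheme_predicted)."""
    known_state = b"state-the-attacker-already-knows"   # constructed
    victim_rd = compromised_rdrand(known_state, BLOCKS)
    attacker_rd = compromised_rdrand(known_state, BLOCKS)  # same box, same state
    assert len(victim_rd) == BLOCKS * BLOCK_BYTES      # 2560 bits in

    # Fixed function of RDRAND only: attacker's copy matches bit for bit.
    fixed_predicted = compress_only(victim_rd) == compress_only(attacker_rd)

    # Mixed with a 256-bit local secret: attacker must guess it; a wrong
    # guess lands on the right value with probability 2^-256.
    local_secret = os.urandom(BLOCK_BYTES)
    attacker_guess = b"\x00" * BLOCK_BYTES
    mixed_predicted = mix(victim_rd, local_secret) == mix(attacker_rd, attacker_guess)
    return fixed_predicted, mixed_predicted


if __name__ == "__main__":
    print("fixed-function output predicted: %s, mixed output predicted: %s" % demo())
```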