[Ach] Recommendation on haveged in Bettercrypto chapter 3.3.3

Hanno Böck hanno at hboeck.de
Wed Apr 29 13:50:55 CEST 2015


On Wed, 29 Apr 2015 13:37:51 +0200
Maciej Soltysiak <maciej at soltysiak.com> wrote:

> The author writes quite convincingly that low entropy does not
> matter; that there is no count of entropy, but an estimate and given
> the fact that in actuality /dev/random and /dev/urandom are fed by
> the same CSPRNG, the only difference is that /dev/random blocks
> and /dev/urandom is - given the computational security we're aiming
> to get - a safe bet.

That's completely true. The whole idea of randomness "wearing out" is
bullshit.

Kaminsky said something very true on Def Con I like to quote a lot:
There are essentially only two problems of random number generation:
a) Early boot time entropy
b) not using a secure rng at all

None of that matters in a normal TLS server setting. (or let's say b
may matter if your software has severe bugs).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
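As an added illustration, not part of this thread or of the Bettercrypto guide, the two real failure modes named in the reply (early-boot seeding, and not using a secure RNG) and the blocking difference described in the quoted text, expressed as a constructed Python check built on the Linux getrandom(2) syscall behind /dev/urandom and /dev/random; function names are my own.

```python
import os
from typing import Optional

# Constructed example (not from the mailing-list thread). The kernel exposes an
# entropy *estimate*, not a count; both device nodes draw from the same CSPRNG.

def kernel_entropy_estimate() -> Optional[int]:
    """Read the kernel's entropy estimate, or None where the file is absent."""
    try:
        with open("/proc/sys/kernel/random/entropy_avail") as f:
            return int(f.read().strip())
    except OSError:
        return None

def urandom_nonblocking(nbytes: int) -> Optional[bytes]:
    """Draw from the urandom pool without blocking.
    Returns None only while the CSPRNG is still unseeded (the early-boot
    case); once seeded, the output does not "wear out" and this never fails."""
    if not hasattr(os, "getrandom"):          # non-Linux: os.urandom is the same pool
        return os.urandom(nbytes)
    try:
        return os.getrandom(nbytes, os.GRND_NONBLOCK)
    except BlockingIOError:
        return None

def random_dev_nonblocking(nbytes: int) -> Optional[bytes]:
    """Same CSPRNG, but with /dev/random semantics (GRND_RANDOM).
    Kernels before 5.6 return EAGAIN whenever the estimate runs low;
    5.6 and later never block here once seeded."""
    if not hasattr(os, "getrandom"):
        return os.urandom(nbytes)
    try:
        return os.getrandom(nbytes, os.GRND_RANDOM | os.GRND_NONBLOCK)
    except BlockingIOError:
        return None

def generate_key(nbytes: int = 32) -> bytes:
    """Key material for a TLS-style server: refuse only in the early-boot
    case, and never wait on the entropy estimate (problem (a), not 'wear-out')."""
    out = urandom_nonblocking(nbytes)
    if out is None:
        raise RuntimeError("kernel CSPRNG not yet seeded (early boot); retry later")
    return out

if __name__ == "__main__":
    print("entropy estimate:", kernel_entropy_estimate())
    print("urandom path ok:", urandom_nonblocking(32) is not None)
    print("/dev/random path ok:", random_dev_nonblocking(32) is not None)
    print("key:", generate_key().hex())
```

On a kernel older than 5.6 the /dev/random path may report not-ok under a low estimate while the urandom path still succeeds, which is exactly the difference the quoted text describes.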