[cryptography] [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Jul 13 05:11:45 EDT 2013

Ben Laurie <ben at links.org> writes:

>But what's the argument for _not_ mixing their probably-not-backdoored RNG
>with other entropy?

Oh, no argument from me on that one, mix every entropy source you can get your
hands on into your PRNG, including less-than-perfect ones, the more redundancy
there is the less the chances of a single point of failure.

(Look at the Capstone design to see what the MIB are actually doing, they have
a noise-based RNG, and ANSI X9.17 generator, and a straight counter, all fed
into a SHA-1 PRNG, for redundancy).

And then run every static source code analysis tool you can find on your RNG,
and implement dynamic analysis if you can, and perform entropy checks, and run
a self-test with known-good test vectors on startup, and ... well, you get the

This is just careful engineering.  Worrying about what the MIB are up to is
paranoia.  If you apply your security engineering well, you don't need to
worry about paranoia.  

(Well, up to a certain extent anyway.  Checked your keyboard firmware and
wiring recently?  Was that TSOP always there?  It looks newer than the
surrounding circuitry).
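The engineering described above, mixing every available source into a hash-based pool, running a known-answer self-test at startup and health-checking raw samples, as an added example. This is not Gutmann's code, cryptlib code, or the Capstone design; it is a stand-alone illustration. It substitutes SHA-256 for Capstone's SHA-1 PRNG, uses the repetition-count health test from NIST SP 800-90B with an assumed false-positive rate of 2^-20, and the source names, claimed min-entropy figures and sample inputs are constructed for the demonstration.

```python
"""Defence-in-depth entropy pool: mix every source, self-test the primitive at
startup, and health-check raw samples before crediting them with entropy.
Illustrative code only; not from the original post or any named project."""
import hashlib
import math
import os
import time

# Known-answer vector for the hash primitive (FIPS 180-2 example: SHA-256("abc")).
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def self_test() -> bool:
    """Startup KAT: refuse to run if the hash primitive is broken or tampered."""
    return hashlib.sha256(b"abc").hexdigest() == SHA256_ABC


def repetition_count_ok(samples: bytes, min_entropy_per_sample: float,
                        alpha: float = 2.0 ** -20) -> bool:
    """SP 800-90B repetition-count test: a run of identical samples at least
    `cutoff` long is astronomically unlikely for a source with the claimed
    min-entropy, so it flags a stuck or failed source. alpha is an assumed
    false-positive rate; cutoff = 1 + ceil(-log2(alpha) / H)."""
    cutoff = 1 + math.ceil(-math.log2(alpha) / min_entropy_per_sample)
    run, prev = 0, None
    for s in samples:
        if s == prev:
            run += 1
            if run >= cutoff:
                return False
        else:
            prev, run = s, 1
    return True


class EntropyPool:
    """Hash-based pool in the Capstone spirit: several independent inputs are
    folded into one state, so a weak or backdoored source can only fail to
    add entropy; it cannot cancel what the other sources contributed."""

    def __init__(self) -> None:
        if not self_test():
            raise RuntimeError("hash primitive failed known-answer test")
        self._state = bytes(32)
        self._counter = 0

    def add(self, source_id: bytes, sample: bytes) -> None:
        # Length-prefixed, source-tagged framing: one source cannot forge the
        # boundaries of another source's contribution (add(b"ab", b"c") and
        # add(b"a", b"bc") must mix differently).
        frame = (len(source_id).to_bytes(2, "big") + source_id
                 + len(sample).to_bytes(4, "big") + sample)
        self._state = hashlib.sha256(self._state + frame).digest()

    def read(self, n: int) -> bytes:
        """Derive output from the secret state and a counter, then ratchet the
        state so a later compromise does not reveal earlier output."""
        out = b""
        while len(out) < n:
            self._counter += 1
            out += hashlib.sha256(b"out" + self._state
                                  + self._counter.to_bytes(8, "big")).digest()
        self._state = hashlib.sha256(b"ratchet" + self._state).digest()
        return out[:n]


def seed_pool(pool: EntropyPool, sources) -> float:
    """sources: iterable of (source_id, sample_bytes, claimed_min_entropy_bits_per_byte).
    Every sample is mixed in, even one that fails its health check (mixing a
    bad source costs nothing), but only samples that pass are credited toward
    the entropy estimate. Returns the credited bits."""
    credited = 0.0
    for source_id, sample, h_per_byte in sources:
        healthy = repetition_count_ok(sample, h_per_byte)
        pool.add(source_id, sample)
        if healthy:
            credited += h_per_byte * len(sample)
    return credited


def demo():
    """Constructed sources: the OS RNG, a 'hardware' source stuck at zero
    (stands in for a failed or backdoored noise source), and a timer."""
    pool = EntropyPool()
    sources = [
        (b"os", os.urandom(32), 7.0),
        (b"hw", b"\x00" * 32, 7.0),               # constructed: stuck source
        (b"clk", time.perf_counter_ns().to_bytes(8, "big"), 0.5),
    ]
    credited = seed_pool(pool, sources)
    return pool.read(16), credited


if __name__ == "__main__":
    key, bits = demo()
    print(key.hex(), "credited entropy bits:", bits)
```

The credited figure is what a real design would compare against its reseed threshold; the stuck source above fails the health check (with a claimed 7 bits/byte the cutoff is only 4 identical samples) and so contributes nothing to the count while still being mixed in.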

