[cryptography] Asynchronous forward secrecy encryption

Jeffrey Walton noloader at gmail.com
Sat Sep 28 11:41:38 EDT 2013


On Sat, Sep 28, 2013 at 7:36 AM, ianG <iang at iang.org> wrote:
> ...
>>> The key reuse issue isn't related to the choice between time-based and
>>> message-based updates. It's caused by keys and IVs in the current design
>>> being derived deterministically from the shared secret and the sequence
>>> number. If an endpoint crashes and restarts, it may reuse a key and IV with
>>> new plaintext. Not good.
>
> Either the whole session has to be renegotiated then, or you need a way to
> inject fresh randomness post-crash.  It's not good to rely on counters or
> RNGs in those circumstances.  Time ?
Or VM restarts.

"When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities
and Hedging Deployed Cryptography,"
www.isoc.org/isoc/conferences/ndss/10/pdf/15.pdf.

"When Virtual is Harder than Real: Resource Allocation Challenges in
Virtual Machine Based IT Environments,"
http://static.usenix.org/event/hotos05/final_papers/full_papers/garfinkel/garfinkel.pdf

http://lists.randombit.net/pipermail/cryptography/2013-July/004746.html:
"mix every entropy source you can get your hands on into your PRNG,
including less-than-perfect ones".

Jeff
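As an added illustration (not code from the thread or any of its participants), the crash-and-restart failure mode from the quoted paragraph, simulated in Python with constructed stand-ins: an HKDF-style key/IV derivation from (shared secret, sequence number), a toy HMAC-based CTR stream, and an endpoint whose counter lives only in memory. The hedged variant mixes fresh per-process randomness into the derivation, the fix the thread argues for.

```python
import hashlib
import hmac
import os
# Constructed values for the demo: a session's shared secret and two plaintexts.
SHARED_SECRET = b"constructed-shared-secret-for-demo"
PT1 = b"first message, sent before the crash...."
PT2 = b"second message, sent after the restart.."

def derive_key_iv(secret, seq, salt=b""):
    """HKDF-style (HMAC-SHA256) 32-byte key and 16-byte IV. With an empty salt
    the output depends only on (secret, seq): the design the thread criticises."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    info = b"key-iv" + seq.to_bytes(8, "big")
    okm, prev = b"", b""
    for i in (1, 2):  # two HMAC blocks -> 64 bytes of output
        prev = hmac.new(prk, prev + info + bytes([i]), hashlib.sha256).digest()
        okm += prev
    return okm[:32], okm[32:48]

def keystream_xor(key, iv, data):
    """Toy CTR-style stream cipher: keystream block n = HMAC(key, iv || n)."""
    out = bytearray()
    for n, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, iv + n.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)

class Endpoint:
    """Sender whose sequence counter lives only in memory and is lost on crash."""
    def __init__(self, secret, hedge):
        self.secret, self.seq = secret, 0
        # Hedged mode: fresh per-process randomness is mixed into every derivation.
        self.salt = os.urandom(16) if hedge else b""
    def send(self, plaintext):
        key, iv = derive_key_iv(self.secret, self.seq, self.salt)
        self.seq += 1
        return key, iv, keystream_xor(key, iv, plaintext)

def simulate_restart(hedge):
    """Send, crash and restart (counter back to 0), send again.
    Returns (key_and_iv_reused, ciphertext_xor_equals_plaintext_xor)."""
    k1, iv1, ct1 = Endpoint(SHARED_SECRET, hedge).send(PT1)
    k2, iv2, ct2 = Endpoint(SHARED_SECRET, hedge).send(PT2)  # restarted process
    reused = (k1, iv1) == (k2, iv2)
    # If the keystream repeats it cancels out: ct1 ^ ct2 == pt1 ^ pt2.
    xor_ct = bytes(a ^ b for a, b in zip(ct1, ct2))
    xor_pt = bytes(a ^ b for a, b in zip(PT1, PT2))
    return reused, xor_ct == xor_pt
```

In the hedged mode the IV can no longer be recomputed by the receiver and must travel with the message, and the per-process salt is only as good as the RNG it comes from, which on a restored VM snapshot is exactly the source the cited papers show can repeat.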
