[cryptography] Asynchronous forward secrecy encryption

Jeffrey Walton noloader at gmail.com
Sat Sep 28 11:41:38 EDT 2013

On Sat, Sep 28, 2013 at 7:36 AM, ianG <iang at iang.org> wrote:
> ...
>>> The key reuse issue isn't related to the choice between time-based and
>>> message-based updates. It's caused by keys and IVs in the current design
>>> being derived deterministically from the shared secret and the sequence
>>> number. If an endpoint crashes and restarts, it may reuse a key and IV with
>>> new plaintext. Not good.
> Either the whole session has to be renegotiated then, or you need a way to
> inject fresh randomness post-crash.  It's not good to rely on counters or
> RNGs in those circumstances.  Time ?
Or VM restarts.

"When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities
and Hedging Deployed Cryptography,"

"When Virtual is Harder than Real: Resource Allocation Challenges in
Virtual Machine Based IT Environments,"

"mix every entropy source you can get your hands on into your PRNG,
including less-than-perfect ones".
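The failure mode quoted above, as an added example that is not part of the thread: a small Python simulation of an endpoint deriving each message's (key, IV) deterministically from the shared secret and a sequence counter, then crashing and restarting. `derive_key_iv`, `Endpoint` and `simulate` are constructed names; the "hedged" variant mixes fresh randomness drawn at restart into the derivation, which a real protocol would have to transmit to the peer.

```python
import hashlib
import hmac
import os


def derive_key_iv(shared_secret: bytes, seq: int, hedge: bytes = b"") -> tuple:
    """Derive a per-message (key, IV) from the shared secret and sequence number.

    hedge is optional fresh randomness; empty reproduces the purely
    deterministic design the thread criticises.
    """
    info = seq.to_bytes(8, "big") + hedge
    key = hmac.new(shared_secret, b"key" + info, hashlib.sha256).digest()
    iv = hmac.new(shared_secret, b"iv" + info, hashlib.sha256).digest()[:12]
    return key, iv


class Endpoint:
    def __init__(self, shared_secret: bytes, hedged: bool = False):
        self.secret = shared_secret
        self.hedged = hedged
        self.restart()

    def restart(self):
        # After a crash or VM reset the counter starts over. A hedged
        # endpoint also draws new randomness, so its derivations cannot
        # collide with those made before the restart.
        self.seq = 0
        self.hedge = os.urandom(16) if self.hedged else b""

    def next_key_iv(self):
        pair = derive_key_iv(self.secret, self.seq, self.hedge)
        self.seq += 1
        return pair


def simulate(hedged: bool, before_crash: int = 3, after_crash: int = 3) -> bool:
    """Return True if any (key, IV) pair is reused across a crash/restart."""
    ep = Endpoint(b"constructed shared secret", hedged)  # constructed sample value
    seen = set()
    for _ in range(before_crash):
        seen.add(ep.next_key_iv())
    ep.restart()  # simulated crash: counter resets, secret is unchanged
    for _ in range(after_crash):
        pair = ep.next_key_iv()
        if pair in seen:
            return True  # same key and IV about to be used with new plaintext
        seen.add(pair)
    return False
```

Running `simulate(False)` reports reuse after the restart, while `simulate(True)` does not.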
