[cryptography] Asynchronous forward secrecy encryption
noloader at gmail.com
Sat Sep 28 11:41:38 EDT 2013
On Sat, Sep 28, 2013 at 7:36 AM, ianG <iang at iang.org> wrote:
>>> The key reuse issue isn't related to the choice between time-based and
>>> message-based updates. It's caused by keys and IVs in the current design
>>> being derived deterministically from the shared secret and the sequence
>>> number. If an endpoint crashes and restarts, it may reuse a key and IV with
>>> new plaintext. Not good.
> Either the whole session has to be renegotiated then, or you need a way to
> inject fresh randomness post-crash. It's not good to rely on counters or
> RNGs in those circumstances. Time ?
Or VM restarts.
"When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities
and Hedging Deployed Cryptography,"

"When Virtual is Harder than Real: Resource Allocation Challenges in
Virtual Machine Based IT Environments,"

"mix every entropy source you can get your hands on into your PRNG,
including less-than-perfect ones".
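As an added illustration (not part of the original post or of any design discussed in it), the following Python simulates the failure mode the thread describes: keys and IVs derived purely from the shared secret and a sequence counter repeat after a crash resets the counter, whereas a schedule that also mixes in per-restart randomness (fresh RNG output hedged with time and PID, in the spirit of the quoted advice) does not. The HMAC-SHA256 derivation, the `Endpoint` model and the shared-secret value are constructed for the example; in a real protocol the per-restart salt would have to be sent to the peer.

```python
import hashlib
import hmac
import os
import time


def derive(secret: bytes, label: bytes, seq: int, salt: bytes = b"") -> bytes:
    """Constructed HMAC-SHA256 KDF: one 32-byte output per (label, salt, seq)."""
    msg = label + b"|" + salt + b"|" + seq.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()


def deterministic_schedule(secret: bytes, seq: int, restart_salt: bytes):
    # The design criticised in the thread: key and IV depend only on the
    # shared secret and the sequence number, so the restart salt is ignored.
    return derive(secret, b"key", seq), derive(secret, b"iv", seq)[:12]


def hedged_schedule(secret: bytes, seq: int, restart_salt: bytes):
    # Fresh randomness gathered after every (re)start is mixed into the
    # derivation, so a repeated sequence number no longer repeats key and IV.
    return (derive(secret, b"key", seq, restart_salt),
            derive(secret, b"iv", seq, restart_salt)[:12])


def fresh_restart_salt() -> bytes:
    # Hedge the OS RNG with less-than-perfect sources (time, PID): after a VM
    # snapshot reset the RNG state itself may repeat, as the cited paper warns.
    material = (os.urandom(16)
                + time.time_ns().to_bytes(8, "big")
                + os.getpid().to_bytes(4, "big"))
    return hashlib.sha256(material).digest()[:16]


class Endpoint:
    """Hypothetical sender that keeps a per-session counter in memory only."""

    def __init__(self, secret: bytes, schedule):
        self.secret = secret
        self.schedule = schedule
        self.restart()

    def restart(self):
        # A crash or VM reset loses the counter; the salt is regenerated here
        # (and would be transmitted to the peer in a real protocol).
        self.seq = 0
        self.restart_salt = fresh_restart_salt()

    def next_key_iv(self):
        key_iv = self.schedule(self.secret, self.seq, self.restart_salt)
        self.seq += 1
        return key_iv


def count_reuse(schedule, before_crash: int = 3, after_crash: int = 3) -> int:
    """Return how many (key, IV) pairs are reused across a simulated restart."""
    secret = b"constructed shared secret for the example, not a real key"
    ep = Endpoint(secret, schedule)
    seen = set()
    for _ in range(before_crash):
        seen.add(ep.next_key_iv())
    ep.restart()  # simulate the crash: counter back to zero
    reused = 0
    for _ in range(after_crash):
        key_iv = ep.next_key_iv()
        if key_iv in seen:
            reused += 1
        seen.add(key_iv)
    return reused


if __name__ == "__main__":
    print("deterministic schedule reuses:", count_reuse(deterministic_schedule))
    print("hedged schedule reuses:       ", count_reuse(hedged_schedule))
```

The deterministic schedule reuses every (key, IV) pair for the messages sent after the restart, which with a stream or counter-mode cipher means two distinct plaintexts under one keystream; the hedged schedule avoids this at the cost of having to carry the restart salt to the peer, which is the "inject fresh randomness post-crash" option raised in the thread, as opposed to renegotiating the whole session.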