[cryptography] [FORGED] Re: Kernel space vs userspace RNG
stephenmason at stephenmason.eu
Tue May 17 08:58:11 EDT 2016
Dear Krisztián Pintér,
I have picked up your comment: 'random is too important to trust the
recording software and device drivers with it.'
This to me your observation is very important. I am a lawyer with no
technical knowledge, other than I used to be in bomb disposal in the British
army in the 1970s, hence my nome de plume with 'felix'
http://www.stephenmason.eu/?page_id=38 - see also http://www.ammotechs.org/
To explain: in England & Wales, there is a legal presumption that computers
are reliable (although many judges across the world think this anyway, which
is dangerous - do you agree? -i.e. USA, Canada, Australia, New Zealand, etc,
I wrote a new chapter for the second edition of my book on this particular
issue, up-dating it for the third edition. I am presently further updating
the chapter for the fourth edition: http://www.stephenmason.eu/?page_id=33 -
by the way, the 4th edition will be a free PDF download sometime next year.
Can anybody help me? I'd really appreciate information - such as books and
articles that help me expand my argument to the judges and lawyers [even if
they do not listen to me]. This is important. I have tried, but failed so
far: see the first report http://ials.sas.ac.uk/news/IALS_Think_Tank.htm
The draft text of a proposed Convention on Electronic Evidence is available
here: http://conventiononelectronicevidence.org/. The drafting phase will
close at the end of September 2016, and the Convention will be published in
the Digital Evidence and Electronic Signature Law Review in the autumn of
2016. Tell others and join in - help make it a useful document!
Editor, Digital Evidence and Electronic Signature Law Review
> From: Krisztián Pintér <pinterkr at gmail.com>
> Date: Tue, 17 May 2016 12:09:54 +0200
> To: Crypto discussion list <cryptography at randombit.net>
> Subject: Re: [cryptography] [FORGED] Re: Kernel space vs userspace RNG
> On Tue, May 17, 2016 at 11:29 AM, Jaromil <jaromil at dyne.org> wrote:
>> how about a lavalamp :^)
> lavalamp is nice. its slow moving blobs generate some dozen or hundred
> bits per second, i don't know how much, but not too much. it is then
> gets recorded by a camera that easily generates many kilobytes of
> entropy per second as noise. an obvious optimization to this scheme is
> to remove the lavalamp, and point the camera to any surface that is
> not black and not white. you lose only a tiny fraction of the entropy.
> to my knowledge, this was the method used by lavarand. smarter people
> don't go through this loop, but rather don't buy a lavalamp in the
> first place.
> so why the problem is not solved then? because random is too important
> to trust the recording software and device drivers with it. you want
> to audit the prng and the entropy collection. good luck auditing all
> the software involved in recording video. also, a considerable
> fraction of computers don't have cameras. finally, if the camera
> fails, you are left with no entropy or very limited entropy, and you
> probably won't even know about it.
> that is the major benefit of onboard or even onchip sources: you can
> rely on their existence, and there is a simple and straightforward way
> for the kernel to access them.
> cryptography mailing list
> cryptography at randombit.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography