Full Disclosure: Re: how i stopped worrying and loved the backdoor

Re: how i stopped worrying and loved the backdoor

From: Marcus Meissner <meissner () suse de>
Date: Sun, 19 Aug 2012 12:28:47 +0200

On Sat, Aug 18, 2012 at 04:00:20PM -0700, coderman wrote:

Dan just released "DakaRand"
  http://dankaminsky.com/2012/08/15/dakarand/

src http://s3.amazonaws.com/dmk/dakarand-1.0.tgz

while admitting that "Matt Blaze has essentially disowned this
approach, and seems to be honestly horrified that I’m revisiting it"
and "Let me be the first to say, I don’t know that this works." this
mode would greatly reduce, maybe eliminate the incidence of key
duplication in large sample sets (e.g. visibly poor entropy for key
generation)

the weak keys[0] authors clearly posit that they have detected merely
the most obvious and readily accessible poor keys, and that further
attacks against generator state could yield even more vulnerable
pairs... you have been warned :P

the solution is adding hw entropy[1][2] to the mix. anything less is
doing it wrong!

if you don't have hw entropy, adding dakarand is better than not.


Lots of people are using "haveged" already, it operates on a similar principle.

http://www.issihosts.com/haveged/

Ciao, Marcus

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: how i stopped worrying and loved the backdoor coderman (Aug 18)
- Re: how i stopped worrying and loved the backdoor Dan Kaminsky (Aug 19)
- Re: how i stopped worrying and loved the backdoor Marcus Meissner (Aug 19)
  - Re: how i stopped worrying and loved the backdoor Robert Kim App and Facebook Marketing (Aug 19)
    - Re: how i stopped worrying and loved the backdoor Thor (Hammer of God) (Aug 19)