RNG (was: Re: SSD drives)

Oleg Goldshmidt pub at goldshmidt.org
Sun Jan 6 10:31:46 IST 2013


On Sun, Jan 6, 2013 at 1:34 AM, Amos Shapira <amos.shapira at gmail.com> wrote:

> If someone is really concerned about NSA knowing their random seed through
> Intel's hardware implementation - can't these few people add hardware RNGs
> to their sources?
> (one ref:
> http://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
> )
>

To make it clear: I, for one, am not concerned that NSA will know the seed
of an RNG at any given time. Nor do I think this is an attack vector they
normally consider. I am concerned that someone (possibly less well equipped
than NSA) may exploit the lack of randomness in an RNG and wouldn't need to
know the seed at all.

Why would anyone be interested? In your personal laptop, quite possibly no
one (depends on how naughty you are and whom you pissed off). In your
work laptop - depends on what you do for a living. In a bank's server that
you may administer or run your software on - maybe quite a few resourceful
people. And so on.

As Nadav quite properly mentioned other uses of RNGs (e.g., Monte Carlo
and other simulations), do you really want the investment house that
manages your savings to systematically misprice securities? Just as an
example...

-- 
Oleg Goldshmidt | pub at goldshmidt.org