jepri at webone.com.au
Sun Aug 31 10:35:36 EST 2003
Kim Holburn wrote:
>At 11:10 AM +1000 2003/08/30, Martijn van Oosterhout wrote:
>>On Sat, Aug 30, 2003 at 08:55:44AM +1000, Kim Holburn wrote:
>>>Apparently the consensus is that you can't use the network device for
>>>entropy "because an attacker might potentially control input and make it
>>>non-random". Is this possible? I don't know.
>>I've always thought this a bit strange. I'm not convinced that an attacker
>>can control the timing accurately enough to predict the very last bit of the
>>CPU cycle counter which flips maybe a billion times a second. At this level
>>you're talking about DRAM latency timings and whether or not things are in
>>cache. One bit of entropy per network packet would be enough for most
I'm not the best at cryptanalysis, but I don't think they're worried
that the attacker can predict anything, only that the attacker might be
able to find a pattern after the attack.
I think the fear is that since all network equipment runs on
deterministic machinery, anything they do is determined by a previous
state. If you can affect that state in any way, you can affect the
outcome and deduce what happened in between.
In theory, anyway.
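A constructed model of the two positions in the thread, added here as an example and not part of the original post: packet arrivals are paced exactly by the attacker, an uncontrolled jitter term stands in for DRAM/cache latency, and two estimators measure the low cycle-counter bit, one per sample and one that looks for a pattern afterwards. All parameters (period, jitter, sample count) are made up for illustration.

```python
import math
import random
from collections import Counter


def simulate_timestamps(n, period, jitter_cycles, seed=1):
    """Constructed cycle-counter reads taken when each packet arrives.

    The attacker sends a packet exactly every `period` cycles (full control of
    the wire); `jitter_cycles` is the delay they cannot control between the wire
    and the counter read (DRAM latency, cache state, bus arbitration).
    jitter_cycles=0 is the fully deterministic machinery the thread worries about.
    """
    rng = random.Random(seed)
    return [i * period + rng.randint(0, jitter_cycles) for i in range(n)]


def low_bits(timestamps, bits=1):
    """Keep only the low `bits` of each counter read, as a pool would credit."""
    mask = (1 << bits) - 1
    return [t & mask for t in timestamps]


def min_entropy(samples):
    """Per-sample min-entropy: -log2 of the most frequent value.
    Blind to ordering, so a perfectly alternating 0,1,0,1 still scores 1 bit."""
    counts = Counter(samples)
    return -math.log2(max(counts.values()) / len(samples))


def predictor_min_entropy(samples):
    """Min-entropy left to an attacker who searches for a pattern afterwards:
    guess each sample from the previous one using its most common successor."""
    successors = {}
    for prev, cur in zip(samples, samples[1:]):
        successors.setdefault(prev, Counter())[cur] += 1
    hits = sum(max(c.values()) for c in successors.values())
    return -math.log2(hits / (len(samples) - 1))


if __name__ == "__main__":
    cases = [("even period, no jitter", 1000, 0),
             ("odd period, no jitter", 1001, 0),
             ("attacker-paced, ~1000 cycles jitter", 1000, 999)]
    for label, period, jitter in cases:
        bits = low_bits(simulate_timestamps(4096, period, jitter))
        print(f"{label:38s} per-sample {min_entropy(bits):.2f} b, "
              f"after pattern search {predictor_min_entropy(bits):.2f} b")
```

With no jitter the low bit is either constant or strictly alternating, and only the sequential estimator catches the alternating case; once the uncontrolled jitter spans the bit period, both estimators report close to one bit per packet.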