Re: FYI/RFC: early-rng-init-tools
- Date: Thu, 28 Feb 2019 13:15:34 -0500
- From: Sam Hartman <hartmans@xxxxxxxxxx>
- Subject: Re: FYI/RFC: early-rng-init-tools
>>>>> "Ben" == Ben Hutchings <ben@xxxxxxxxxxxxxxx> writes: >> If the seed > files used in two different boots are somewhat >> correlated, and the > entropy estimation doesn't account for >> that, the output of /dev/random > may also be somewhat correlated >> between the boots, which is not > supposed to happen. >> >> I'm not sure what you mean by `somewhat correlated'. Ben> I meant that they're not completely independent, so that Ben> knowing one allows you to make some predictions about the Ben> other. But if I've understood rightly, that doesn't matter as Ben> long as the entropy estimation is right. If the seed is secret and there is enough entropy, and some data (no matter how low entropy) is added to distinguish the boots, then no you should not be able to make such predictions. Doing so is sufficient to prove the kernel PRNG is not a PRNG (at least assuming you can do so in polynomial time). I think that may be what you mean when you say that if you've understood rightly, that doesn't matter. If so, then your understanding is correct.
Description: PGP signature