key generation: paranoia mode - explicit random input

Fri Feb 28 20:47:38 CET 2014

On 28/02/14 16:05, Hauke Laging wrote:
> But what does that mean in practice? Does that mean we don't aim for 
> improvements any more, not even those which are easy to implement?

I'm Dutch, so I'll do a dyke analogy. A dyke has breached. Throwing in one sack
of sand is easily implemented, and it prevents the water from flowing over a
span of say half a meter. Too bad it's still flowing over the span of the rest
of the sixty meters the breach is wide.

Your solution seems analogous to throwing in the one sack of sand because it is
easy to implement.

So indeed: how much more security will one get? I think that's where the
opinions differ.

You just have to trust your most trusted computer, or you have a lot of water in
your living room.

By the way, if it's so easy to implement, you could write a patch, or pay
someone to do it for you. I would warn you to think about the source and quality
of your randomness. If a compromised computer supplied your file containing the
randomness, you'd look pretty foolish if you used that. So I suppose you need to
have each computer generate the amount of randomness that is (worst case) needed
for a key generation, and then have a well defined method of combining all those
different blocks of randomness in such a way that even if a part of the
randomness is crafted precisely to counteract the randomness in the other parts,
you still have enough randomness to generate a key. It seems to me assuring the
quality of the randomness is much harder than simply redirecting libgcrypt's
random functions.

Oh, and obviously, each computer that supplied a part of the randomness needs to
verify that that is still the same when it generates the key, or the last PC to
generate a block of randomness could just as well replace the earlier parts
without you noticing. Etcetera. I'm sure I've missed something interesting
relating to the randomness generation and transportation.

I have one final question: would you even use this yourself or do you just think
it's cool?

Peter.

PS: Sorry for my wildly inaccurate description of a dyke breach and stopping it.
I might be Dutch, but I'm not an expert on water. I gladly leave that to the
king :).

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>