[messaging] saltpack spec and library

Natanael natanael.l at gmail.com
Tue Feb 2 12:40:59 PST 2016


On 2 Feb 2016 20:36, "Trevor Perrin" <trevp at trevp.net> wrote:

> Some small observations:

[...]

> (3) On a similar note, it wouldn't hurt if the static-static DH
> outputs contributed to the key used for encrypting payloads.  That
> *might* help in the case where a weak RNG is generating bad ephemeral
> private keys, but somehow the sender's static private key was good.
> But that's a pretty weird case.

Not that weird. It just requires that the original setup and usage happen
in different environments.

One example is creating a keypair on a secure computer and then using
it from any kind of SoC-based device (because that's the most probable
example) with insufficient entropy available to the OS, because every
single variable is predictable and not enough unique user activity is
captured as entropy. Like a Raspberry Pi, using an existing standard ROM/OS
and with minimal userland. It isn't an unprecedented example:

http://siliconangle.com/blog/2015/11/30/ssh-generation-fault-leaves-raspberry-pi-vulnerable-to-hacking/
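
An added sketch of the idea in point (3) under the weak-RNG scenario above; it is not part of the original message and not saltpack's actual key schedule. Assumptions: a pure-Python X25519 ladder following RFC 7748, HMAC-SHA256 with a made-up label as the KDF, and constructed keys; `kdf` and `demo` are hypothetical names.

```python
import hashlib, hmac

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 ladder. Demo only: not constant-time."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(*dh_outputs: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over the concatenated DH outputs, constructed label.
    return hmac.new(b"constructed-demo-label", b"".join(dh_outputs), hashlib.sha256).digest()

def demo() -> dict:
    # Constructed keys: the static keys stand for good-RNG output, the
    # ephemeral key for output of a starved RNG that an attacker can predict.
    sender_static = hashlib.sha256(b"sender static (good RNG)").digest()
    recip_static = hashlib.sha256(b"recipient static (good RNG)").digest()
    weak_eph = hashlib.sha256(b"predictable boot state").digest()
    sender_pub, recip_pub = x25519(sender_static, BASE), x25519(recip_static, BASE)
    eph_pub = x25519(weak_eph, BASE)
    es = x25519(weak_eph, recip_pub)        # ephemeral-static DH
    ss = x25519(sender_static, recip_pub)   # static-static DH
    key_eph_only, key_mixed = kdf(es), kdf(es, ss)
    # Attacker view: predicted ephemeral private key plus public keys only.
    known = [x25519(weak_eph, recip_pub), x25519(weak_eph, sender_pub)]
    # Recipient view: own private key plus the sender's two public keys.
    recip_key = kdf(x25519(recip_static, eph_pub), x25519(recip_static, sender_pub))
    return {
        "eph_only_recovered": kdf(known[0]) == key_eph_only,
        "mixed_recovered": any(kdf(known[0], g) == key_mixed for g in known),
        "recipient_derives_mixed": recip_key == key_mixed,
    }

if __name__ == "__main__":
    print(demo())
```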