Re: [Tails-dev] haveged quality test in Virtual Box

Delete this message

Reply to this message
Autor: adrelanos
Data:  
A: tails-dev
Assumpte: Re: [Tails-dev] haveged quality test in Virtual Box
intrigeri:
> Hi,
>
> Abel Luck wrote (28 Dec 2012 17:57:40 GMT) :
>> Near the end it discusses HAVEGE with the startling point:
>
>> "One of Peter's colleagues replaced the random input source
>> employed by HAVEGE with a constant stream of ones. All of the
>> same tests passed."
>
> I think this tells more about the poor quality of the tests we
> have, than about the quality of HAVEGE itself. This does not
> startle me.


It's impossible to prove randomness. That's why there will never be
tests which could prove it. Only a pattern can be found. That fact
that no one published a method to find a pattern doesn't mean there is
no pattern. In future a clever person could show us the pattern.

Reading about entropy is interesting. Many things are unclear. There
are many open research questions.

The interesting questions to ask are, is there a known vulnerability? No.

How serious would be if someone found a pattern? Would it make our
keys vulnerable?

I'd speculate it would be best if we combined all current
non-vulnerable methods to gather entropy. If that would help or worsen
the situation is a questions which is also nowhere answered.