Randomness generation

Welcome to the randomness-generation mailing list!

Users today cannot reasonably trust the quality of the random numbers used in cryptography. The papers "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices" (USENIX Security 2012) and "Ron was wrong, Whit is right" aka "Public keys" (Crypto 2012) showed that tens of thousands of RSA public keys visible on the Internet had been generated from bad randomness, allowing attackers to figure out the secret keys and undermining the entire security provided by those keys. Compromised SSL servers included IBM Remote Server Administration cards, Juniper routers, and many other embedded devices. The first paper also exploited bad signature randomness to break tens of thousands of SSH DSA keys.

These papers triggered a flurry of uncoordinated activity, with questionable fixes bolted onto applications, libraries, operating systems, hypervisors, and chips. The randomness-generation mailing list is meant to centralize discussions and coordinate actions, with the goal of providing trustworthy randomness for future cryptographic users.

2017.12 update: I'm moving this group off Google. Google doesn't make this easy so you have to resubscribe, sorry: https://cr.yp.to/lists.html