Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/david_chisnall/statuses/113772030053153208">David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 05-Jan-2025 05:43:32 JST</a><a href="https://infosec.exchange/@david_chisnall" title="david_chisnall@infosec.exchange"><img src="https://gnusocial.jp/avatar/241214-48-20240302204654.webp" width="48" height="48" alt="David Chisnall (*Now with 50% more sarcasm!*)" style="position: absolute; left: 0; top: 0;">David Chisnall (*Now with 50% more sarcasm!*)</a><div><a href="https://gnusocial.jp/notice/8430592" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/174285" title="ryanc@infosec.exchange">Ryan Castellucci (they/them) :nonbinary_flag:</a></li><li><a href="https://gnusocial.jp/user/307784" title="lookatableflip@infosec.exchange">Tableflip</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@ryanc">@ryanc</a> <a href="https://infosec.exchange/@sophieschmieg">@sophieschmieg</a> <a href="https://infosec.exchange/@Lookatableflip">@Lookatableflip</a> I guess it’s not pure software, but anything running on a real computer has a hardware component. The randomness bit is pure software, using whatever it can from the environment as entropy sources, but none of the entropy sources alone (without a hardware random number generator) has enough entropy to be useful, and interrupt timings can sometimes be under attacker control (some fun attacks from the ‘90s involved sending packets at specific timing to influence the entropy collection).</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4311177#notice-8431709">In conversation</a><time datetime="2025-01-05T05:43:32+09:00" title="Sunday, 05-Jan-2025 05:43:32 JST">Sunday, 05-Jan-2025 05:43:32 JST</time> <span>from <span><a href="https://infosec.exchange/@david_chisnall/113772030053153208" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@david_chisnall/113772030053153208">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Sunday, 05-Jan-2025 05:43:32 JSTDavid Chisnall (*Now with 50% more sarcasm!*)
in reply to
@ryanc @sophieschmieg @Lookatableflip I guess it’s not pure software, but anything running on a real computer has a hardware component. The randomness bit is pure software, using whatever it can from the environment as entropy sources, but none of the entropy sources alone (without a hardware random number generator) has enough entropy to be useful, and interrupt timings can sometimes be under attacker control (some fun attacks from the ‘90s involved sending packets at specific timing to influence the entropy collection).
In conversationSunday, 05-Jan-2025 05:43:32 JST from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice