Consider adding a reference for vulnerabilities in hardware RNGs

ace-wg / est-oscore

Other

0 stars 0 forks source link

Consider adding a reference for vulnerabilities in hardware RNGs #77

Open malishav opened 3 months ago

malishav commented 3 months ago

Based on @EskoDijk 's review in https://mailarchive.ietf.org/arch/msg/ace/I70MHcCzSfPIy28lDqxEOcllgJw/:

6.1 Server-generated Private Keys

… it has been shown that many available hardware modules … Is there some reference for this claim? Maybe not needed in this doc if it’s generally known. But I didn’t know it.

malishav commented 1 month ago

@EskoDijk: this statement comes after listening to a research talk available on YouTube: https://bishopfox.com/blog/youre-doing-iot-rng and https://www.youtube.com/watch?v=Zuqw0-jZh9Y.

I don't think it's appropriate as a reference for the draft, however, but let me know if you disagree.