On Wed, Jul 30, 2008 at 09:28:35PM +0200, Jelte Jansen wrote:

> 1. Do all recursive servers even have access to enough entropy? This
> might not be a problem at all, or extra entropy could be arranged for
> busy ones, but it might be worth thinking about in advance. For that

I discussed this with Amit Klein, who I think can rightfully claim to be an
expert on DNS randomness, and he doesn't think it is a problem.

He suggests using block or streamcipher based pseudo-random generator,
seeded using 'real random'.

Even if all excreted pseudo-random is observed from that point onward,
reverse engineering the state of the pseudo-random generator is equivalent
to breaking the cipher it uses, based on an unknown plaintext (the truly
random seed that is being encrypted over and over).

Amit does suggest rekeying every once in a while since AES performed by
software on known hardware leaks a tiny bit of information in the time it
takes to encrypt a block.

This last technique was discovered by Dan J. Bernstein btw.

Odd that :-)


http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.