2

Consider the following scenarios:

  • using OpenSSL to encrypt a file with Rijndael-256
  • using LUKS to encrypt a hard-drive that is used every day

Exactly when is entropy from /dev/random needed for a crypto process? Is it only needed for the key generation or is it also needed for the encryption process itself?

When the CPU is executing a crypto process (key generation or encryption) for a program, does the CPU cause some kind of pattern (like a fingerprint of the encrypted data) as it processes? Can this "processing pattern" then be used to break the encryption and see the plaintext?

Cryptographeur
  • 4,357
  • 2
  • 29
  • 40
user3200534
  • 175
  • 4

1 Answer

0

This first scenario: it depends on the specific command, but it should need randomness when generating the key (or when deriving the key from a password, when generating the salt) and when generating the initialization vector for encryption.

The second scenario: when generating the master key, and when generating the salt used with the user's password to encrypt the master key. It does not need randomness for encryption, since there is no place to store initialization vectors. The algorithms usually try to compensate for this by using the index of the disk sector in the algorithm.

Also, I'm not sure if /dev/random is used; I think that at least OpenSSL uses /dev/urandom.

For the second question, there are side channel attacks as mentioned. Depending on the implementation, it may be possible to retrieve keys by analyzing timings or energy consumption.

Conrado
  • 6,614
  • 1
  • 30
  • 45
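The answer's two points, where randomness is consumed (KDF salt, per-file IV) versus where it is not (the deterministic, sector-indexed IV of disk encryption), and the timing side channel in tag comparison, can be seen in one stand-alone script. This is an added example, not code from the question or answer and not how OpenSSL or LUKS are implemented: it uses only the Python standard library, so HMAC-SHA256 in counter mode stands in for a block cipher, and the sector-IV derivation is merely ESSIV-style (HMAC of the sector index under a hash of the key), an assumption chosen for illustration.

```python
"""Where randomness enters a symmetric-encryption workflow, and where it does not.
Added example, stdlib only: HMAC-SHA256 in counter mode stands in for AES."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def derive_key(password: bytes, salt: bytes, length: int = 32) -> bytes:
    """Password -> key. The salt must be fresh randomness (os.urandom) each time a
    password is enrolled; the KDF itself is deterministic."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 200_000, dklen=length)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher).
    Deterministic: the same key and nonce always give the same stream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_file(key: bytes, plaintext: bytes) -> bytes:
    """File scenario: a fresh random nonce/IV per encryption, stored in the output."""
    nonce = os.urandom(NONCE_LEN)          # randomness needed here, every time
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def decrypt_file(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    # Constant-time comparison: a plain '==' on bytes stops at the first mismatch,
    # so its running time would reveal how many leading tag bytes were right.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor(ct, _keystream(key, nonce, len(ct)))


def sector_iv(key: bytes, sector: int) -> bytes:
    """Disk scenario: no spare bytes per sector to store an IV, so derive it from
    the sector index and a hash of the key (ESSIV-style assumption). No randomness."""
    iv_key = hashlib.sha256(key).digest()
    return hmac.new(iv_key, struct.pack(">Q", sector), hashlib.sha256).digest()[:NONCE_LEN]


def encrypt_sector(key: bytes, sector: int, data: bytes) -> bytes:
    """Ciphertext is exactly the size of the sector; nothing extra is written."""
    return _xor(data, _keystream(key, sector_iv(key, sector), len(data)))


def demo() -> dict:
    salt = os.urandom(16)                               # randomness #1: KDF salt
    key = derive_key(b"correct horse", salt)            # constructed sample password
    assert key == derive_key(b"correct horse", salt)    # KDF itself is deterministic

    msg = b"quarterly report" * 4                        # constructed 64-byte sample
    blob1, blob2 = encrypt_file(key, msg), encrypt_file(key, msg)  # randomness #2: IV
    sec_a, sec_b = encrypt_sector(key, 7, msg), encrypt_sector(key, 8, msg)
    # Caveat of the sector-index scheme: rewriting one sector reuses its IV, so two
    # snapshots of that sector reveal the XOR of old and new contents. A stored,
    # fresh random IV per write (as in the file case) does not have this weakness.
    old, new = b"A" * 64, b"B" * 64
    leak = _xor(encrypt_sector(key, 7, old), encrypt_sector(key, 7, new))
    return {
        "file_ciphertexts_differ": blob1 != blob2,
        "both_decrypt": decrypt_file(key, blob1) == msg == decrypt_file(key, blob2),
        "sector_ciphertexts_differ": sec_a != sec_b,
        "sector_has_no_overhead": len(sec_a) == len(msg),
        "rewrite_leaks_xor": leak == _xor(old, new),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running `demo()` shows all five properties holding: the two file encryptions of the same message differ only because of the random IV, the two sector encryptions differ only because of the sector index, and the last entry is the price of storing no IV at all, which is why the answer says disk encryption "compensates" rather than fully matches the file case.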