[Cryptech Tech] Physical and electrical spec for avalanche noise source - TerasIC C5G

[Benedikt Stockebrand]

Hi Joachim and list,

Joachim Strömbergson <joachim at secworks.se> writes:

> Aloha!
>
> Benedikt Stockebrand wrote:
>> That's another option, but after some thinking I've got doubts if 
>> Arduino is really a good idea: It has a fixed clock speed of 16 MHz,
>> so if people try that out and then move on to a full speed 20 MHz
>> tiny2313 there might actually be trouble.
>
> (Why would they move to the Tiny? ;-)

because they are cheap, used almost everywhere (so they are extra
expensive to subvert at the product level) and have very little
resources left that an attacker can use for "bonus" functionality in a
subverted firmware.

> The idea of using the Shield is because it is a defined interface witj
> several suppliers of ready made breadbords which should make it easy and
> cheap (for others) to build the entropy source on. That doesn't mean one
> has to use an Arduino. It is just a convient board standard that more
> and more devices supports. The C5G for example.

Fair enough; that said, the tiny2313 has less I/O pins than the mega328
on the Arduino Uno, so downscaling any development on the Arduino
involves some work again.

And anyone able to use the prototype board you mentioned in the previous
post should also be able to put this stuff on plain perfboard, too.  The
Arduino doesn't win anybody much unless the HWRNG is done as a proper
shield, and getting hold of those wirewrap sockets they use for the
pass-through connectors is both difficult and fairly expensive.

And finally, auditing an Arduino is significantly more work (especially
because that wasn't one of its design goals) than a rather minimalistic
design for a specific purpose.

> And Arduino could probably use a good entropy source and RNG too.

Sure, but so could a TI launchpad, any of the various PIC development
boards, a Raspberry Pi, a Beaglebone Black, and whatnot.  It may
eventually be reasonable to go that way, but right now I want something
I want to work with.

With the prototype board we can get our various works done---you'll
probably have to connect 5V, 3.3V, GND and a GPIO pin from your FPGA and
that's it, for Fredrik, Bernd, Basil and myself the test headers and
jumpers provide all sorts of testing features, and once we've got all
that sorted out, then we can continue to branch out for different
specific purposes.

As far as I'm concerned, my next major goals are

- A THT board that is fit for use by others
- An SMD board, or rather an SMD board with a separate breakout board
  for testing
- A proper test suite that's more suitable for HWRNGs than dieharder
- A PIC16F1454 based design that does away with the FTDI chip (but will
  need dedicated drivers on the host side).

> Also note that the Arduino Due uses a much faster MCU (An ARM or in
> the older version an AVR32). But I'm digressing here...

Yes, but on those you can't even replace the MCU yourself any longer,
they are QFPs or worse.  What I like about the Uno is that it has a
socketed mega328, so there is way less damage if things go wrong: Pull
out the MCU, replace it, install a bootloader through the ISP interface,
and you're back in business.

> Otherwise it seems that we should be able to easily connect your design
> to the C5G board.

Right now that's the goal.  Four pins, on 100mil standard pin headers,
and that's it.  The worst thing that can happen is that this doesn't
work without changing the bias resistor in the amplifier stage; in that
case forget about the 3.3V connection but set up a voltage divider to
adjust the 5V output to 3.3V---two resistors and a thumbnail sized bit
of stripboard is all that takes.


Cheers,

    Benedikt

-- 
Benedikt Stockebrand,                   Stepladder IT Training+Consulting
Dipl.-Inform.                           http://www.stepladder-it.com/

          Business Grade IPv6 --- Consulting, Training, Projects

BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/