[Cryptech Tech] RAM as source of entropy

Warren Kumari warren at kumari.net
Thu Feb 6 16:00:41 UTC 2014


This sounds very similar to the "CCD in total darkness" ideas...
Last I'd heard, apart from some cells that like to bias in one or the
other direction (imperfections, internally generated heat from nearby
A/D, etc) it was basically a quantum phenomenon. This is why there has
been so much (unsuccessful) research into removing noise from CCD
imagers.
This also seems like it would generate much higher (after some removal
of known sticky bits / whitening) rates.
There were a bunch of papers on this (which I can try dig up again),
but LavaRnd (different to LavaRAnd!) was one of the projects that did
something like this -- place a USB webcam (the cheaper the better!) in
a lightproof container (I used a coffee tin with a small hole for the
cable, which I then filled with epoxy), crank the gain all the way up,
and read randomness.

I don't remember hearing of any known issues with this approach, but
possible of course that a: I missed them and / or b: they are known but
not public!

It seems that the initial state of DRAM and SRAM is fairly far from
random -- there was some research (that I can try dredge up) after the
"Lest We Remember: Cold Boot Attacks on Encryption Keys" paper that
showed that the initial state of DRAM and SRAM (weeeellll CPU cache)
is different for each unit, but fairly predictable within the unit...


Some papers:
Cryptographic Key From Webcam Image -
http://www.mscr.org.my/V1(1)/PP%20115-127.pdf
Lest We Remember: Cold Boot Attacks on Encryption Keys -
http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/pub/coldboot.pdf

On Thu, Feb 6, 2014 at 9:39 AM, Joachim Strömbergson
<joachim at secworks.se> wrote:
> Aloha!
>
> Василий Долматов wrote:
>> On 6 Feb 2014, at 17:50, Leif Johansson <leifj at sunet.se>
>> wrote:
>>> On 2014-02-06 14:43, Василий Долматов wrote:
>>>> «Less» than «more». Unusable as a source.
>>> can you elaborate?
>> No.
>
> Seriously Dol, can you then spend a few minutes to write a few sentences
> on how you see we should go about providing a couple of entropy sources?
> Or at least your thought on what random numbers Cryptech should provide
> and how we are to do that.
>
> I can suggest solutions all day, but zero knowledge oracle responses to
> these suggestions are not going to be a very efficient method of
> reaching a solution we agree on.
>
> - --
> With kind regards, Yours
>
> Joachim Strömbergson - Always in harmonic oscillation.
> ========================================================================
>  Joachim Strömbergson          Secworks AB          joachim at secworks.se
> ========================================================================
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://cryptech.is/mailman/listinfo/tech
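
The "removal of known sticky bits / whitening" step mentioned in the message above, as an added Python example that is not part of the original thread and is not LavaRnd's code. The dark-frame data is constructed with a seeded PRNG, and the function names, the 0.25 bias threshold and the SHA-256 conditioning step are assumptions made for illustration.

```python
import hashlib
import random

def make_dark_frames(n_frames=256, n_pixels=256, seed=1):
    """Constructed stand-in for dark-frame captures (8-bit pixel values).
    Pixels 0-7 are stuck at 255; pixels 8-15 have a heavily biased LSB."""
    rng = random.Random(seed)
    frames = []
    for _ in range(n_frames):
        row = []
        for p in range(n_pixels):
            if p < 8:
                row.append(255)                        # stuck (hot) pixel
            elif p < 16:
                row.append(rng.choice([7] * 7 + [6]))  # LSB is 1 in 7 of 8 reads
            else:
                row.append(rng.randrange(0, 16))       # noise floor
        frames.append(row)
    return frames

def sticky_pixels(frames, max_bias=0.25):
    """Pixels whose LSB frequency lies further than max_bias from 1/2."""
    n = len(frames)
    return {p for p in range(len(frames[0]))
            if abs(sum(f[p] & 1 for f in frames) / n - 0.5) > max_bias}

def von_neumann(bits):
    """Debias non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 dropped."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def harvest(frames, calibration):
    """Mask sticky pixels, debias each pixel's LSB stream, then condition."""
    bad = sticky_pixels(calibration)
    out = []
    for p in range(len(frames[0])):
        if p not in bad:
            # Pair bits from the same pixel so both share one bias.
            out.extend(von_neumann([f[p] & 1 for f in frames]))
    packed = bytes(int("".join(map(str, out[i:i + 8])), 2)
                   for i in range(0, len(out) - 7, 8))
    # Hashing only compresses; it adds no entropy beyond what 'out' holds.
    return bad, out, hashlib.sha256(packed).digest()

if __name__ == "__main__":
    bad, bits, seed_bytes = harvest(make_dark_frames(seed=2), make_dark_frames(seed=1))
    print(len(bad), "pixels masked,", len(bits), "debiased bits,", seed_bytes.hex())
```

Von Neumann debiasing assumes successive reads of a pixel are independent; correlated noise between frames or between neighbouring pixels needs separate testing before the output is credited with entropy.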