[Cryptech Tech] RAM as source of entropy
Joachim Strömbergson
joachim at secworks.se
Sat Feb 8 08:32:27 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
Warren Kumari wrote:
>> Kind of, but I think that there are some important differences --
>> DRAM is designed to be stable (well, to try minimize the leakage
>> from the capacitor). A CCD is designed to let the charge escape
>> from the well.
Yes. That is what I resembles. ;-)
And due to the, in some cases, very long decay times observed for DRAM
I'm more inclined to try the SRAM initial state mechanism since the
"decay" can be forced much better.
>> Ok, I'll buy that. Powering off and on a large SRAM and reading
>> the "initial" state might work really well, it would be interesting
>> to test both and see the entropy and bandwidth from both options.
>> One of the things that had made me uneasy about the memory option
>> (other than the slow decay shown be the "Lest we remember" paper
>> for DRAM) was the fact that many commercial HSMs (supposedly)
>> continuously move the keying information around in memory to
>> prevent cells sticking in a last known state. I'd thought I read
>> something about this effect happening in SRAM as well (but cannot
>> find the reference at the moment), because of long term diffusion
>> effects. I had some vague uneasiness that, over time flip-flops
>> that happen to bias one way or the other would increasingly prefer
>> that bias. But then agin, I've only been paying very slight
>> attention to this, basically what seeps in while idly flipping
>> through IEEE Spectrum on airplanes :-), and so this is probably all
>> a rathole.
No, I think it is an interesting notion worth keeping in mind (no pun
intended). We would power the SRAM memory off and on very often so
something being allowed to stick may not be a problem. But even so,
actively writing different patterns into the memory in between power
cycling it might be an important part of avoiding such problems.
It would be really fun doing some correlation measurements between the
written pattern and the extraction pattern. And having number of power
off cycles on the x axis.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJS9eubAAoJEF3cfFQkIuyNzkYP/j3BHHHyK03sOHo+FX8gNtee
7eUTcg+6zfrpSQ3obkXaZAmLaI5feQKkzAUwiOp+BrLtakt1p9vp/r14XSTorJSz
9aV7/WYgCcO+tq3jQ1h4o8nNRylnE2t839gUhQdriyGKV9vqeBusZa1PxVXmlA+A
e94xQLCn4eZjrUrz83P0qi6pBiifsUfAq2/QfQBFZKU9Bx2zo6oc+Og7twlKB5Z9
5uE0YJVhwDOhq788rSUKeFfqOrjnxbDxdTcrhvptXULJDCQXdb6pNiElRL7Bnkxp
G/bq7jaBM4hq4zKP8Q83eI64RCz370fUj7fYGoXJP7ZUDvyyDnYyexi3N1hAei24
fM8b8ATILZ3D6foRBVzVAGTj6cE+ZMPXp9k2gwpwINif5AoLJIYp0YuLd4dVuV7g
l0QgxdHS0zVELcfeS0HwCLd4Wy/mDGOhro5dJv3reOHQoOgG3zdKTwiiHfcWScaw
x4yykY52hIfuOdcBgjvdiWlQDNF3+u9P4RYqCEdKAQb0O87bmqHov8Nd1uUbuoAd
g458yvYI1u0kQgSb5+msUan6dkNZYYnk9t1H6ao21BQLUBoyaUEo8HXwoYAEnfIt
qvzfkHVEy9P90sX9+pMmOUXW0q35UMZGkz4yawg/TorPPeqzI7prCd6k4HpmW6Yq
k282w6CcHq9AUPO0fUdf
=B6DY
-----END PGP SIGNATURE-----
More information about the Tech
mailing list