[Cryptech Tech] User auditable hardware entropy source/random number generator

[Benedikt Stockebrand]

Hi Fredrik and list,

> What is a suitable source?

a starter battery from a semi truck? Sorry, couldn't help it:-)

I haven't found an answer to that question that I didn't find some
potential problem in.

> Are you saying that the generated entropy would suffer from a somewhat
> unstable power line?

I tried to minimize that issue, but:

> I've seen USB powered discrete component charge pumps used in this application 
> before, but I realize that doesn't mean it's a good idea =).

The big problem is how USB handles power---or rather, doesn't bother to.
In theory, all devices drawing more than 100mA have to negotiate that
with the host, and at least with USB 1.1/2.0 they are allowed to draw up
to 500mA if the host agrees.  Unfortunately, USB doesn't "enforce" that,
so there are electric mini fans, lava lamps and hard disks that draw so
much power from a USB interface that the specs had to be updated; and
they continue to draw more, so USB 3.0 has an even higher current
limit---which they continue to exceed.  Now combine that with unpowered
and repeatedly cascaded USB hubs and you've got a rather optimistic
picture of reality...

In this respect (and some others) USB is a rather shoddy standard,
because it doesn't take any precaution to protect the connected devices
from each other in any way.  And if the standard is already shoddy, why
should device manufacturers be any better?  "In our lab it works."

If you have 50 seconds to spare: www.youtube.com/watch?v=v02841CyVjw

To deal with that I used the MC34063 in a configuration that should
still work with about +4V of input and enabled the brown-out detection
in the Atmel, which should trigger IIRC at no less than +4.3V/+4.1V
(typical/minimum).  So that should deal with low frequency voltage
drops.

When it comes to high frequency effects, that's yet another reason why
I'd like to get away without a middle stage; it would be the most
susceptible to external noise.  The generator core should be reasonably
well protected through the boost converter, and the amplifier towards
the MCU should do pretty much rail-to-rail "digital" output, so they are
both not too critical.  The middle transistor stage in a three
transistor configuration however would *not* output a rail-to-rail
signal, so any external noise coming in through its power input would be
propagated to the output.

What I currently consider reasonable is to feed the USB +5V straight to
the step-up converter, run the output from that through the optional LC
filter (according to the MC34063 data sheet) to the generator core, and
use at least a joint LC filter between the USB +5V and anything that
actually needs +5V for Vcc.


And then of course, there's the *real* problem: How can we possibly test
for the relevance of such effects?  My approach here is to be
exceedingly paranoid^Wrealistic, use generously oversized caps and
inductors, and make heavy use of the test suites.  My guess is that the
best bet is to make sure that whatever error enters the game gets
propagated in such a way that it is easily detected on the output.


Cheers,

    Benedikt

-- 
Benedikt Stockebrand,                   Stepladder IT Training+Consulting
Dipl.-Inform.                           http://www.stepladder-it.com/

          Business Grade IPv6 --- Consulting, Training, Projects

BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/