[Cryptech Tech] User auditable hardware entropy source/random number generator

[Bernd Paysan]

Am Montag, 14. Juli 2014, 19:25:16 schrieb Benedikt Stockebrand:
> In this respect (and some others) USB is a rather shoddy standard,
> because it doesn't take any precaution to protect the connected devices
> from each other in any way.  And if the standard is already shoddy, why
> should device manufacturers be any better?  "In our lab it works."
> 
> If you have 50 seconds to spare: www.youtube.com/watch?v=v02841CyVjw

Fair enough, this is a MacBook air, which signals the iPhone that it is 
capable of charging it with those 1.7A using special Apple technology.  If it 
would do that on a standard USB 3.0 port (900mA allowed), this would be more 
of a problem.  I've such a "power USB plug" (with ~2A capability) on my 
ultrabook, too, though it isn't from Apple.  USB 3.1 expands that to 2A at 5V, 
so it's going to be within the spec soon (it's possible now, just outside the 
spec).

> To deal with that I used the MC34063 in a configuration that should
> still work with about +4V of input and enabled the brown-out detection
> in the Atmel, which should trigger IIRC at no less than +4.3V/+4.1V
> (typical/minimum).  So that should deal with low frequency voltage
> drops.

Hm, I'd rather use something like the MAX734, a 120mA 12V boost converter, 
designed for flash devices, which need 12V quickly (or not at all, so it works 
well down to unloaded), and then pretty stable.  The problem with all those 
step up regulators from an entropy source point of view is that they produce a 
pretty deterministic ripple on the voltage.  The good thing is that filtering 
out fixed frequencies is rather easy.

> And then of course, there's the *real* problem: How can we possibly test
> for the relevance of such effects?

By making a hypothesis and measuring things.  E.g. if you know that the MAX734 
has a fixed frequency under constant load, you measure the output of your 
noise source and level shifter in the analog domain with a fast enough ADC 
(1-2 megasamples at least), feed it through an FFT, and look at how big the 
component at that frequency actually is.

If it does influence your noise source, you will be able to see the signal.

>  My approach here is to be
> exceedingly paranoid^Wrealistic, use generously oversized caps and
> inductors, and make heavy use of the test suites.  My guess is that the
> best bet is to make sure that whatever error enters the game gets
> propagated in such a way that it is easily detected on the output.

If you know what you are looking for, you'll usually find it.

In the end, the goal of a trustable noise source means that the device should 
come with all the "measurement equipment" that is necessary to perform the 
tests to show that everything is fine - that's more than simple health 
monitoring.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cryptech.is/archives/tech/attachments/20140714/dcc02642/attachment.sig>