[Cryptech Tech] User auditable hardware entropy source/random number generator

Joachim Strömbergson joachim at secworks.se
Sat Jul 26 07:01:12 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Benedikt Stockebrand wrote:
> - do some really serious thinking about quality ("unquality"?)
> assurance on these components,
> 
> - design our circuitry and firmware to be as insensitive to these 
> tolerances as possible,
> 
> - ...and otherwise make it fail safely if things get really hopeless
> and
> 
> - somehow ensure that a steady supply of usable components is at
> least likely in the long run.

- - Develop methods and tests to allow anybody that wants to implement and
use Cryptech to verify that their entropy source works.

We will hopefully not be (the only) producer of Cryptech systems nor be
the single provider of components. We must therefore instead make it
possible for other to easily do what you are doing right now.

Great work btw, really cool. And scary.

Your guess re pirate components is a very probable reason. We have seen
quite a few bad components that have slipped through even quite big
distributors vetting. For simpler components piracy is prevalent.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJT01I4AAoJEF3cfFQkIuyNqH8QAMAurS5V0dSZ4Vc+KV7ksYA7
6FAkbEK1ZMUJvp7dXqqOOLL3ewSOWhxSp2PNzGqYY3YpdYynSvYd4hAocmAavrJl
CrmFDDthojjUO/eIfihN8C0/T6CVViuZAISmreSVpYZqRBoG7oLfGC6Uc35gawGx
Xj3VrSmMMX0s3C4OGfA9wGX1fAQSKcWxdbnnOUesibi6/QoTRtoKZx5RNKo1yMJj
sjCjo18TXwolLg4nClpyb8mpW8pvsnp7tw7LV8bAf30m+sIslD63w/blA8NldHGM
5hYAUUL0ghtIqoDbaYdIxUS6U3FOo3N0ILionSw/8OJjCgTnt20fi9MpyXvrBYTO
qGfd1nRn1/9gqVnnKXrWdokFQH/+5QHNgRasKkS+pSSQus1pvdwONuo8HnMN9REz
3V37eqBocttsvH8eBRRbTMLaxYsT77YUiT2FnRt2bh//lhN06GI7KRq8FcO0C1pk
pWYMCmVXIjG90Vl1oKVcgUSqQVCgDarFbv+NwNdjkVfwHytzwhJn/9cYKhgOhn7m
nW4sA0yDo2O8Yy5JnQON2B8HcU0YfO3QNgJeJpHgITVekDpMJ2ahZJZHr0t8cKXz
gkkHhgwPC9R44OQetzFCFjS2PYY1vOjZD1og5Ac9RWkIs7hFpSVIfqFPKam93Ast
r3l9VNXKrdKkNsstf6ow
=8UF3
-----END PGP SIGNATURE-----


More information about the Tech mailing list