[Cryptech Tech] User auditable hardware entropy source/random number generator

[Benedikt Stockebrand]

Hi Joachim and list,

Joachim Strömbergson <joachim at secworks.se> writes:

> - Develop methods and tests to allow anybody that wants to implement and
> use Cryptech to verify that their entropy source works.

sure---but that's not so much from what I saw on the scope, but from
what's going on in general, so that's why I didn't list it in that
context.

> We will hopefully not be (the only) producer of Cryptech systems nor be
> the single provider of components. We must therefore instead make it
> possible for other to easily do what you are doing right now.

Here's my personal ultra-high-level agenda on the entire auditable
crypto hardware issue:

1) Show that it's possible.
2) Make it available to the public---as in "can be bought somewhere".
3) Ensure that others pick up the idea and increase both diversity and
   availability. 

> Great work btw, really cool. And scary.

Thanks, but at this point it's really just me making sure my ideas are
somewhat consistent.  Anyway, since at some point we'll need some
serious documentation anyway, I just tried to give it an early start; I
guess you all know what usually happens otherwise:-)

> Your guess re pirate components is a very probable reason. We have seen
> quite a few bad components that have slipped through even quite big
> distributors vetting. For simpler components piracy is prevalent.

Now, if you want a rather broad overview beyond HSMs on this: I've done
a presentation called "The Limits of Cryptography" aimed more at the
"enthusiast" and "generic IT crowd" level on this.  The second run
(after Ed Snowden and Heartbleed) was recorded at the last CCC
EasterHegg and is in English; video is at
http://www.youtube.com/watch?v=7bTaKSZQKhc

Beware that this is about 95 minutes of a rather entry level overview,
however.

And yes, I've also used some of the stuff in my video blog as well.
That's actually how I learned about that BAT85 hack to keep the
amplifier transistors out of saturation.


Cheers,

    Benedikt

-- 
                          Business Grade IPv6
                     Consulting, Training, Projects

Stepladder IT Training+Consulting GmbH      Benedikt Stockebrand
Fichardstr. 38, 60322 Frankfurt/Main        Dipl.-Inform./Geschäftsführer
HRB 94202, Registergericht Frankfurt/M      contact at stepladder-it.com   
http://www.stepladder-it.com/	            +49 (0) 69 - 247 512 362      
http://www.benedikt-stockebrand.de/         +49 (0) 177 - 41 73 985       

BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/

Bitte kein Spam, keine unaufgeforderten Werbeanrufe, keine telefonischen
Umfragen.  Anrufe werden ggf. zu rechtlichen Zwecken aufgezeichnet.
No spam, no unsolicited sales calls, no telephone surveys, please. Calls
may be recorded for legal purposes.