[Cryptech Tech] User auditable hardware entropy source/random number generator
Benedikt Stockebrand
bs at stepladder-it.com
Sat Jul 26 11:38:32 UTC 2014
Hi Joachim and list,
Joachim Strömbergson <joachim at secworks.se> writes:
> - Develop methods and tests to allow anybody that wants to implement and
> use Cryptech to verify that their entropy source works.
sure---but that's not so much from what I saw on the scope, but from
what's going on in general, so that's why I didn't list it in that
context.
> We will hopefully not be (the only) producer of Cryptech systems nor be
> the single provider of components. We must therefore instead make it
> possible for other to easily do what you are doing right now.
Here's my personal ultra-high-level agenda on the entire auditable
crypto hardware issue:
1) Show that it's possible.
2) Make it available to the public---as in "can be bought somewhere".
3) Ensure that others pick up the idea and increase both diversity and
availability.
> Great work btw, really cool. And scary.
Thanks, but at this point it's really just me making sure my ideas are
somewhat consistent. Anyway, since at some point we'll need some
serious documentation anyway, I just tried to give it an early start; I
guess you all know what usually happens otherwise:-)
> Your guess re pirate components is a very probable reason. We have seen
> quite a few bad components that have slipped through even quite big
> distributors vetting. For simpler components piracy is prevalent.
Now, if you want a rather broad overview beyond HSMs on this: I've done
a presentation called "The Limits of Cryptography" aimed more at the
"enthusiast" and "generic IT crowd" level on this. The second run
(after Ed Snowden and Heartbleed) was recorded at the last CCC
EasterHegg and is in English; video is at
http://www.youtube.com/watch?v=7bTaKSZQKhc
Beware that this is about 95 minutes of a rather entry level overview,
however.
And yes, I've also used some of the stuff in my video blog as well.
That's actually how I learned about that BAT85 hack to keep the
amplifier transistors out of saturation.
Cheers,
Benedikt
--
Business Grade IPv6
Consulting, Training, Projects
Stepladder IT Training+Consulting GmbH Benedikt Stockebrand
Fichardstr. 38, 60322 Frankfurt/Main Dipl.-Inform./Geschäftsführer
HRB 94202, Registergericht Frankfurt/M contact at stepladder-it.com
http://www.stepladder-it.com/ +49 (0) 69 - 247 512 362
http://www.benedikt-stockebrand.de/ +49 (0) 177 - 41 73 985
BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Bitte kein Spam, keine unaufgeforderten Werbeanrufe, keine telefonischen
Umfragen. Anrufe werden ggf. zu rechtlichen Zwecken aufgezeichnet.
No spam, no unsolicited sales calls, no telephone surveys, please. Calls
may be recorded for legal purposes.
More information about the Tech
mailing list