[Cryptech Tech] Another work package: PN entropy source

Joachim Strömbergson joachim at secworks.se
Thu Mar 13 14:51:48 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Warren Kumari wrote:
>> This is probably showing my ignorance of what entropy actually is,
>> but if the quality of one junction varies over time would it make
>> sense to have 2 (or more)? Especially if we use a multi-channel
>> A/D? We could use both, or, if one stops being randomly noisy we
>> could disable it until it becomes unpredictable enough?

Then we are in the same ignorance league. ;-)

This is why I'm promoting and proposing that the Cryptech TRNG shall
support having multiple, independent entropy sources. They can be of the
same type (PN junction) or of different types. The latter to make it
harder for an attacker since he would then need to affect two different
physical processes simultaneously.

(I will post an updated TRNG presentation hopefully by tomorrow and am
working on an implementation proposal for the TRNG.)

>> Note: I have no idea what unpredictable enough *means*. Mainly I
>> don't want us to end up in a situation where we cannot provide
>> entropy because the diode has started misbehaving^w behaving...

At least according to what I propose, The TRNG shall contain
functionality connected to the entropy sources to allow us to on-line
observe and detect that a given entropy source isn't totally broken.

For real quality assessment, we need to be able to extract raw entropy
en masse and run things like Dieharder. Such access will also be
provided, at least according to my proposal.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJTIcYEAAoJEF3cfFQkIuyNIToQAJwANuNLypYp14P4a/4dT+4t
z53HEveVXHt5SLFVfOTv0vR4TBWt2ZdWigIc3uSdJOJn65PNjukef/uMsZ72RCg9
45B7M9bKM3QQdKmY3HjUASPCDOfLVlQzg82NdCQt0Cqk2fGgNB8fb/zrUfzGK5Zq
ZZd38EpU8k0CyMlFdPuvpFB8X9+FGqbGeh9isLT062QPrx/PJr3uMJGnScHXXkWN
cWOuR9n2QLD3HKm0GA5Ki3InKvji8/pcNrJDrVq3EZWyn9KsGHZ9mj5fdtgf448w
QAKzarwhYHQuHZKoGRnbQbvYUgY9hrcQr3WsjyvfwIDZbJ7Y7S2NjhoohpWD6PgF
ESLDT6sTHGwYDTbqhJiV2ZlNrQnoORvlfmFj+pbK0KtL7ze2vQNvp5IfgZbzLkLG
8bmVXR8K+k2rYGL36JXokYyYeiksk1bhxZuON7hIrhbZrS6j++c05DobQthbraEY
FeWIet+1wykeUkDALBHT9L0FPpTU/1YShGYS0qYU4nOvfKy4pL/gDcnXb4qVTNRQ
h5EIrc43780kEzY4D6GYUadxUntB3rJQ3WXa2T2qyuOrEJRgTSty6V5YwUIZveBM
bTs1yt9r0pIFK+JIYq57Itifzmz3pdUot1Bi5sQMOg5a7kJp5lAuf1iEoD9Rzerf
SKfloKco/98xFARBnVmM
=I3RR
-----END PGP SIGNATURE-----



More information about the Tech mailing list