[Cryptech Tech] Fast(er) warm up of the TRNG.

Joachim Strömbergson joachim at secworks.se
Fri Mar 14 08:52:21 UTC 2014


Aloha!

Fredrik Thulin wrote:
> Sure. I'm thinking maybe we can model that as an entropy provider
> that provides entropy generated earlier? Maybe that works, maybe not.
> Depends on how we end up mixing entropy from providers of different
> speeds.

Yes, that is how I want to see it too - like just another entropy
provider. A bit like the external entropy injection we talked about at
the meeting.

I have been thinking a bit more about the entropy combining operations.
I see two ways:

(1) Try to equalize the rates. Could somehow be accomplished by
increasing the collected entropy counter more or less and doing
correspondingly more or less overlap XORing. This would still allow the
source with the higher rate to affect more of the entropy block though.


(2) Ignore the difference in rate. Just add in a round robin way to
avoid ignoring slower sources. And rely on the mixer to create a really
well mixed seed.

After the meeting I have mentally retracted from the overlapping word
XORing and towards a scheme where 32-bit words are concatenated to create
the block used as input to the mixer. I.e. I prefer (2). I'm not sure if
(1) is even feasible and if it really changes anything.

The new paper by Shamir et al. that Randy pointed to, which provides an
analysis of the Fortuna entropy collector and mixer, is a very good read.
Fortuna handles entropy sources with different rates.

https://www.schneier.com/blog/archives/2014/03/the_security_of_7.html


> The previously generated entropy could be stored in an AEAD,
> inheriting the security from the tamper protection of the device.

Either that or in the same memory as the master key with the same
protection we have for that. Both ways should work.

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
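Scheme (2) from the mail, as an added example that is not part of the original message or of Cryptech's code: a round-robin combiner that takes one 32-bit word per source per pass, ignoring rate differences, concatenates the words into a fixed block and hands the block to a mixer. The block size (16 words) and SHA-256 as the mixer are assumptions for illustration.

```python
import hashlib
from collections import deque

BLOCK_WORDS = 16  # assumed block size: 16 x 32-bit words = 512-bit mixer input


def mix(block_words):
    """Stand-in mixer: hash the concatenated big-endian 32-bit words.
    SHA-256 is an assumption for illustration, not Cryptech's mixer."""
    data = b"".join(w.to_bytes(4, "big") for w in block_words)
    return hashlib.sha256(data).digest()


class RoundRobinCombiner:
    """Scheme (2): ignore rate differences, visit the sources in turn and
    concatenate whole 32-bit words into the mixer input block."""

    def __init__(self, sources):
        self.order = list(sources)
        self.queues = {s: deque() for s in sources}
        self.contributions = {s: 0 for s in sources}
        self.block = []
        self.mixed_blocks = []  # copies of completed blocks, for inspection

    def push(self, source, word):
        if not 0 <= word < 2**32:
            raise ValueError("entropy words must be 32-bit")
        self.queues[source].append(word)

    def collect(self):
        """Drain queued words into blocks, at most one word per source per pass,
        so a slow source is never skipped in favour of a faster one. Returns the
        seeds produced by every block completed during this call."""
        seeds = []
        while any(self.queues.values()):
            for src in self.order:  # one pass over all sources
                if not self.queues[src]:
                    continue  # nothing from this source yet; do not stall others
                self.block.append(self.queues[src].popleft())
                self.contributions[src] += 1
                if len(self.block) == BLOCK_WORDS:
                    self.mixed_blocks.append(list(self.block))
                    seeds.append(mix(self.block))
                    self.block = []
        return seeds


def demo():
    """Constructed sample: a fast source with 30 words, a slow one with 2."""
    c = RoundRobinCombiner(["fast", "slow"])
    for i in range(30):
        c.push("fast", 0xF0000000 | i)
    for i in range(2):
        c.push("slow", 0x50000000 | i)
    return c, c.collect()
```

In the constructed sample the two slow words land in the first block interleaved with the fast words, so the slow source is not starved, while the fast source still supplies most of the material in each block.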
