[Cryptech Tech] Fast(er) warm up of the TRNG.

Joachim Strömbergson joachim at secworks.se
Fri Mar 14 09:31:42 UTC 2014


Aloha!

Leif Johansson wrote:
> The "only noisy diode good" argument is looking more and more
> sensible to me from a pure simple-design standpoint... but then again
> I'm not an electronics designer so take this with a fistful of salt
> :-)

Why?

If we look at the paper analyzing the Fortuna RNG they don't argue
against having multiple entropy sources. And Fortuna (and Yarrow) as
well as TRNGs in modern OSes all support multiple sources. People don't
trust a single source since it provides a single point of attack. And
what Yarrow and Fortuna do is to make it hard for an attacker that
messes with one source to affect the seed values created. The paper by
Adi Shamir et al. shows that this method works. That is good.

And even if we only have one source (which we will support if we do what
we said at the meeting) we will still have a collector and mixer. If not,
I'm fairly certain that we will have a hard time getting users to trust
the design. I think that it is very important that we try to follow the
general structure of what is considered to be good, modern TRNG designs.
What dol@ proposed at the meeting does not even come close to matching that.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================