[Cryptech Tech] Fast(er) warm up of the TRNG.

Leif Johansson leifj at sunet.se
Fri Mar 14 16:35:47 UTC 2014


On 2014-03-14 10:31, Joachim Strömbergson wrote:
> Aloha!
> 
> Leif Johansson wrote:
>> The "only noisy diode good" argument is looking more and more 
>> sensible to me from a pure simple-design standpoint... but then
>> again I'm not an electronics designer so take this with a
>> fist-full of salt :-)
> 
> Why?

I guess 'cause I was seeing a lot of potential breakage in the
rate-handling and mixing ... I could be overstating the issue 'cause I
don't know enough.

> 
> If we look at the paper analyzing the Fortuna RNG they don't argue 
> against having multiple entropy sources. And Fortuna (and Yarrow)
> as well as TRNGs in modern OS:es all support multiple sources.
> People don't trust a single source since it provides a single point
> of attack. And what Yarrow and Fortuna do is to make it hard for
> an attacker that messes with one source to affect the seed values
> created. The paper by Adi Shamir et al. shows that this method
> works. That is good.
> 

point taken

> And even if we only have one source (which we will support if we do
> what we said at the meeting) we will still have a collector and
> mixer. If not I'm fairly certain that we will have a hard time
> getting users to trust the design. I think that it is very
> important that we try to follow the general structure of what is
> considered to be good, modern TRNG designs. What dol@ proposed at
> the meeting does not even come close to matching that.
> 
> 

yeah I guess you're right