[Cryptech Tech] Hardware entropy
Joachim Strömbergson
joachim at secworks.se
Sat May 17 15:08:57 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
Stephan Mueller wrote:
> I also read in your very interesting presentation on the RNG about
> the modularity of the noise sources. But wouldn't it be equally
> appropriate to have the conditioner and the DRNG modular as well?
Yes. What we are trying to achieve with Cryptech is to develop av
platform for Open HSMs. We will produce one and possibly more
reference/example implementation. But nobody should be forced to use the
specific versions of any part that we design.
We will for example develop a few entropy sources, mixer, CSPRNG, key
wrap mechanism etc. But everything will be open source to allow anybody
to replace, customize to meet personal decisions and application demands.
This is why I also say that what might be more important to develop are
documentation on how to assemble a HSM, how to test the HSM, best
practice document, pointers to good tools for evluating the HSM etc.
For the first iteration of the RNG I'm fairly certain that it will be
SHA-512. But swithing it should be basically just to replace it with
another core and change names.
The interfaces for the mixer and the way it operates does not tie it
close to SHA-512.
Good that you asked. I will emphasize this aspect in the next version of
the preso.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJTd3uJAAoJEF3cfFQkIuyNA0kP/i2Ax34wm2t2Tnt60UIUMbdc
6XzMV2TJXUogJx1ROPErX6eCte7Jc5nv7mvVkkyV3tuD575LyQdmCxTGSdKMQhfa
hdv6a7mapnMf3B3X1LJvbLJEE5HU2e9tCOGzZtURrcAuWCkqAFPRSUaoYksWsnZp
GrRtEeKx7EQ98SpH64zgmNipSygFRHrKXXqKu9S1V7d0u/7iL6Kbgw96Ah4NUyj9
1YG33DzNwN8xDnp37YjxxRkpMZLbAmdGmq+h7CBT0COZgd7ZTLWPxL0CDrKRAlI5
vFv6YLyKYFRM0E3tDnskPayNOAEF6THtUZ0mGzk1iYygkR0TZljIUS2900j04bDZ
AQNWit7BVHdo1VmQyeMBK0tXkxqrBRgRnQ6Mn3Tinhq0LyUWZTIEgu8ttl0WLORJ
FVzq1mVWyimlv5uRtgh5KspwJtLXAfJZMqQZzV9us5Ki5id8gg+9HBczCxJxNo2h
xtjc0dwJnPQiTPt7Rjgc61f+/B+LBGstXgZqbq7OL7v1VTKYiTfi026BtdkLD6yI
DWqUoGLLUjbCXGYZqeeVXUxBhhd1Dg+uCmGCLlA2TO8cOPM+bZL+7cFbnxMxQd3t
oReHHaOXmgLDnsE7l/eKNDS8UM1U4ynfsayb6SGjg12cLVT9Ae2c6FoZtwCrpOEe
YXXUEv3u/qKuKaJVtsxZ
=U33C
-----END PGP SIGNATURE-----
More information about the Tech
mailing list