[Cryptech Tech] Hardware entropy

Stephan Mueller smueller at chronox.de
Sat May 17 19:00:28 UTC 2014


On Saturday, 17 May 2014, 17:08:57, Joachim Strömbergson wrote:

Hi Joachim,

>Aloha!
>
>Stephan Mueller wrote:
>> I also read in your very interesting presentation on the RNG about
>> the modularity of the noise sources. But wouldn't it be equally
>> appropriate to have the conditioner and the DRNG modular as well?
>
>Yes. What we are trying to achieve with Cryptech is to develop a
>platform for Open HSMs. We will produce one and possibly more
>reference/example implementations. But nobody should be forced to use
>the specific versions of any part that we design.

I understand that this will be a kind of Open Source -- Open Hardware 
approach where everybody can do whatever he likes. However, in the 
design of the RNG, either a tight, hard-to-separate integration of the 
noise source with the subsequent deterministic part can be achieved, or a 
loose coupling which allows an easy plug and play with other ciphers.

My recommendation would be for the latter.
>
>We will for example develop a few entropy sources, mixer, CSPRNG, key
>wrap mechanism etc. But everything will be open source to allow anybody
>to replace, customize to meet personal decisions and application
>demands.
>
>This is why I also say that what might be more important to develop are
>documentation on how to assemble a HSM, how to test the HSM, best
>practice document, pointers to good tools for evaluating the HSM etc.
>
>For the first iteration of the RNG I'm fairly certain that it will be
>SHA-512. But switching it should be basically just to replace it with
>another core and change names.

Oh, sure. Do not get me wrong that all needs to be perfect from the 
beginning. But interfaces are hard to change afterwards. Thus my remark 
on well-defined interfaces between noise source and conditioner to allow 
an easy replacement.
>
>The interfaces for the mixer and the way it operates do not tie it
>closely to SHA-512.

I am so glad to hear that.
>
>Good that you asked. I will emphasize this aspect in the next version
>of the preso.

By the way: I am amazed that hardware development is now starting to be 
Open Source.

Ciao
Stephan

