[Cryptech Tech] Hardware entropy

[Fredrik Thulin]

On Friday, May 16, 2014 05:25:09 PM Bernd Paysan wrote:
...
> > We're more or less just about to start the work on the first
> > implementation
> > of an entropy source. What we're planning to do for the first
> > implementation is a noisy diode source, external to the FPGA.
> 
> There are a lot of noisy internal sources, if you know where to find them
> (this usually means misconfiguring the LUTs, because "sane" designs avoid
> that ;-).  Of course, you can always have an external noise source+DAC, and
> once you have collected enough entropy, run a PRNG.
> 
> > I don't know very much about FPGAs so I can't really say anything about
> > your idea, but I'm sure Joachim will chime in.
> 
> Ok.

Bernd and Joachim, thank you both for sharing your very interesting thoughts 
and ideaas with this list this weekend.

Regarding FPGA internal sources of entropy; I think I'll mostly show my 
ignorance by asking this, but I'll do it anyway with the hope to get even more 
interesting e-mails to read and learn from:

>From my understanding the internal entropy would be generated using 
unintented/not really standard stuff existing in FPGAs? Are there any potential 
dangers in having such a source in the Cryptech HSM?

I'm saying this because in my mind I wouldn't be surprised if people will end 
up building HSMs from a number of more or less different FPGAs, and it could be 
catastrophic if some of these (based on model differences, batch differences, 
optimization setting differences or whatever) would actually fail to produce 
entropy.

Of course, Cryptech has to have mechanisms to ensure the reliability of the 
entropy source(s) anyway... as you already said in other e-mails. Maybe that 
is enough to remove these concerns.

/Fredrik