[Cryptech Tech] Hardware entropy
Joachim Strömbergson
joachim at secworks.se
Fri May 23 11:42:32 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
Bernd Paysan wrote:
> From a transparency/debugging point of view, I would advice against
> whitening in the entropy provider. Testing for "entropy source is
> alive" is a good idea, but from a design point of view there should
> be several modules which perform different tests. The designer of
> the entropy source then can choose blocks to monitor his source.
If someone wants to do von Neumann whitening that would be ok with me -
as long as the raw entropy extraction point happens before the whitening.
I would like to have a basic set of on-line tests that will _always_
have to be included in the entropy provider for each entropy source.
That way we have a baseline detection. I will try to write down the set
of tests I think we should have in this baseline.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJTfzQoAAoJEF3cfFQkIuyN9A4QAMduJoh5/t+ImMdbQQO2J6xf
3GlZWmdUVs9FXqNwwMOVbM1migu9z5jQzahCSE/tU+whuceg/jivJH2oAe9FbgJ2
o0R3m4SiPQswmvdzJxhKOn6chdTQeLII/dyY98nPSGKz9xv2XaxuMTvnMF+X/X3G
eEDmnqmk6DTIiyZD7eXzQF3I9Kn/DTeusZUz/ly94d9UCzwdJVyj66+eokGsyhZX
UcgnGERG8HHkAkAPZ7WyY8+P3C98XvTPPmoOW6UBjuV2jJTBFCm+xU0VzjNg3VDQ
nD3f0UqKjuABlI0Bna4zqb0dem+Flojr4NIKDOivBoBh2KZz+f0dEUXWBhvNNnAL
hz4IBTShp0T2xv/z3q/5qtmvjPfzan7TbtrfVWnChobXVVSuGzwdh1K7+8h32MZb
s1WIBR+A9Yc1lFZEgqiqj9oUfMxn5KvhIe8axMl8zJHW5dlv2qm02nKJPRXvAijK
mRuNA9A26/mCSbSK8GgUpTVj3VyUlVkiufpGIStxA5XCBSToDqFXRb2uBZFfoO1c
deTM9GvtoU+rJs9zqxH/07uVz7qt5VA9DU1IJoJxn9N3OjuPFXNqHQ4btcQ1ca7k
PRds4X6oqjzV9ct68ZNGJnZzBBseFJcADiMjNSpXk88GJ3BRw7u+usIe596PnP4q
xvh1Cct18KN1nk3wvo0l
=pzU/
-----END PGP SIGNATURE-----
More information about the Tech
mailing list