[Cryptech Tech] trng ready for play

Joachim Strömbergson joachim at secworks.se
Thu Oct 2 12:48:13 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

The working trng is now in the repo and ready for testing. This version
of the trng includes:

- - A debug port that can extract the output from entropy sources as well
as the csprng. Which of them are source can be controlled via the API.
Also the update rate of the debug port can be controlled. Mainly used as
blinkenlights to be able to see that things are alive. Yes the port
leaks info and should be disabled or even removed in future versions.

- - Entropy timeout. Since we are using strict round robin policy between
the entropy providers, the collector could potentially hang waiting for
entropy from a provider that is enabled (and thus should deliver entropy
to the collector). The entropy timout function removes the livelock
situation by forcing the collector to move to the next entropy source.

Since each entropy provider must supply several words of entropy until
the seed can be generated, the timeout can happen several times.

I have recorded a video where I show how fast complete reseed takes with
both entropy providers running (parts of a second). I then pull the wire
to the avalanche noise board and starts a new reseed. This time the
timeout comes into use and reseed takes several seconds. Reconnecting
the wire again and reseed once more goes really fast.

The actual timeout time can be set via API. The default value is 1.6
seconds.

Thanks to Randy for pointing out the need for the timeout functionality.

BTW: If there in an interest I could upload the video somewhere
(suggestions welcome). It is 160 MBytes. The plot isn't very contrived
and no animals was hurt during filming.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJULUmNAAoJEF3cfFQkIuyNpC0P/38N3CuFoSqkYbQUhTjZSUBJ
Arbm7vf5y6VlhA4+Ojk6ySZftxuQY2Rf7nobNTos6EDoMrxVGdWHH8b1Mj87noTN
JKsHEkJY7N4Q3dnlIiySOLiQOakXI+N7Kp+JqzVRHLeIqX+cUb5nJa/J4FN5C1hF
oB3zIGMAzj8QGY1UVjDO7uGkfeR3TTYH6pmbRVWX5Ybh1RVqU8qg7SqkH7r8cmIS
ur+Yhx4FNspUuTK01gWYnafEoDBpZzl8F4Hp3yus239MZMLXm8RyqxojephjCOUf
eBaz9ZhFuL4/2ynk0y/aPC16fE85WUm13frdYGeqE1n3ai/9zZQFGeTpvWrc2EdO
rVSDmsJJ7rIomNktSOafgNReBgHxnD2Xhae0EOqJBB7JCUTX8eg6SlWFWAz5LF0f
A2Cp0qLH9rmAWifvhUMHMWj09AZZGr73KajIabvSHZNircNfSULdlKxB1yKjNlWj
eJvLhw1aH9ThzomFXZowiitg3Xx5QsF3XAemoQO1GIsf0zVIELOnJqzOhtGdIlWt
XGDoUMRLqfW2k6DLHJDX+pXhH3YgJGgQe9i5nCe6DIJosJN5l2TiDEdppeaEmpHF
VwQQbISyOw/p9/kdVFTzC0V3baNwvCvQLenQXYUR6bKBr9iaGrhJOd+X3+4UaQmy
tdiqQKaBgGX2DuDUMRfS
=xqAR
-----END PGP SIGNATURE-----


More information about the Tech mailing list