[Cryptech Tech] trng ready for play

Randy Bush randy at psg.com
Fri Oct 3 11:29:13 UTC 2014

>> if entropy providers vary much in speed, having a per-provider
>> timeout may be wise.
> True. The provider might even be made to handle the timeout
> itself. The avalanche entropy provider for example will know the
> approximate internal data rate anyway so having it adjusting the
> timeout. OTOH this would still push the ability to break out from
> livelock away from the collector.

and that's the rub.  i prefer simha's approach of A watching B (and,
where appropriate, vice versa).

> We should make a list of features to add somewhere. For me the highest
> priorities right now are:
> * Getting the trng to build cleanly against the FPGA on the Novena.
> * Getting the trng onto the Novena
> * Start doing real testing of the entropy sources as well as random
>   numbers generated by the trng on the Novena.
> * Develop on-line entropy health checks, add test mode functionality
> * Optimize performance (the csprng_fifo is totally wrong design-wise.
>   It works, but does not hide latency.)
> After that it is back to ciphers, key wrappers etc.

this sounds an excellent plan.  and hope paul has the eim path for you
after a bit.


More information about the Tech mailing list