[Cryptech Tech] trng ready for play
randy at psg.com
Fri Oct 3 11:29:13 UTC 2014
>> if entropy providers vary much in speed, having a per-provider
>> timeout may be wise.
> True. The provider might even be made to handle the timeout
> itself. The avalanche entropy provider for example will know the
> approximate internal data rate anyway so having it adjusting the
> timeout. OTOH this would still push the ability to break out from
> livelock away from the collector.
and that's the rub. i prefer simha's approach of A watching B (and,
where appropriate, vice versa).
> We should make a list of features to add somewhere. For me the highest
> priorities right now are:
> * Getting the trng to build cleanly against the FPGA on the Novena.
> * Getting the trng onto the Novena
> * Start doing real testing of the entropy sources as well as random
> numbers generated by the trng on the Novena.
> * Develop on-line entropy health checks, add test mode functionality
> * Optimize performance (the csprng_fifo is totally wrong design-wise.
> It works, but does not hide latency.)
> After that it is back to ciphers, key wrappers etc.
this sounds an excellent plan. and hope paul has the eim path for you
after a bit.
More information about the Tech