[Cryptech Tech] trng ready for play
joachim at secworks.se
Mon Oct 6 07:25:32 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Randy Bush wrote:
>> (2) Have the entropy providers provide an estimate of their current
>> rate as a readable value to SW.
> beware insertion of a lie by attacker so you try to pull more than it
> can push
Then you are assuming that the FPGA has been subverted, and this is the
method of attacking. Not killing the entropy generation AND killing the
And trying to pull more than it can push actuallt would be ok. The
collector will just wait for the entropy provider until it can deliver.
Or a timeout happens, whatever comes first.
If the upper layers are subverted they could instead set the timeout
values to something ridicilously long and then kill the entropy thus
causing a livelock.
Yes we need to carefully consider possible attack vectors and have
layered security. But sometimes we probably need to just accept that
there is a tradeoff between different attack vectors.
Let me flip the question around. Given that we need to wait for an
entropy provider to actually provide a word of data. How do you suggest
that we deal with the potential livelock hazard in a secure manner that
can't be subverted?
I have suggested:
(1) The mixer has a predefined fixed value that can't be changed. This
works, but we risk having a lot of timeouts if the entropy source rate
decreases. Alternatively, reseed will take long time.
(2) Having settable rates in the mixer via the API. Then that can be
used either as part of a DoS or to cause massive timeouts.
(3) Having the entropy provider automaticallt suggest to the mixer what
rate is currently appropriate. No API adjustmnent. But then the mixer
looses control of the timeout. And you therefore rejected that idea too.
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
Joachim Strömbergson Secworks AB joachim at secworks.se
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Tech