[Cryptech Tech] trng ready for play
randy at psg.com
Mon Oct 6 08:26:18 UTC 2014
>>> (2) Have the entropy providers provide an estimate of their current
>>> rate as a readable value to SW.
>> beware insertion of a lie by attacker so you try to pull more than it
>> can push
> Then you are assuming that the FPGA has been subverted
ahh. ok. i withdraw. i thought you were having the noise source, not
the processed entropy, recommendng the timeout. apologies.
> I have suggested:
> (1) The mixer has a predefined fixed value that can't be changed. This
> works, but we risk having a lot of timeouts if the entropy source rate
> decreases. Alternatively, reseed will take long time.
> (2) Having settable rates in the mixer via the API. Then that can be
> used either as part of a DoS or to cause massive timeouts.
> (3) Having the entropy provider automaticallt suggest to the mixer what
> rate is currently appropriate. No API adjustmnent. But then the mixer
> looses control of the timeout. And you therefore rejected that idea
if, as you say, the entropy provider is on-fpga/asic, then 3 seems
More information about the Tech