[Cryptech Tech] trng ready for play

Randy Bush randy at psg.com
Mon Oct 6 08:26:18 UTC 2014

Previous message: [Cryptech Tech] trng ready for play
Next message: [Cryptech Tech] trng ready for play
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>> (2) Have the entropy providers provide an estimate of their current
>>> rate as a readable value to SW.
>> 
>> beware insertion of a lie by attacker so you try to pull more than it
>> can push
> 
> Then you are assuming that the FPGA has been subverted

ahh.  ok.  i withdraw.  i thought you were having the noise source, not
the processed entropy, recommendng the timeout.  apologies.

> I have suggested:
> (1) The mixer has a predefined fixed value that can't be changed. This
> works, but we risk having a lot of timeouts if the entropy source rate
> decreases. Alternatively, reseed will take long time.
> 
> (2) Having settable rates in the mixer via the API. Then that can be
> used either as part of a DoS or to cause massive timeouts.
> 
> (3) Having the entropy provider automaticallt suggest to the mixer what
> rate is currently appropriate. No API adjustmnent. But then the mixer
> looses control of the timeout. And you therefore rejected that idea
> too.

if, as you say, the entropy provider is on-fpga/asic, then 3 seems
sensible, yes?

randy

Previous message: [Cryptech Tech] trng ready for play
Next message: [Cryptech Tech] trng ready for play
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list