[Cryptech Tech] trng ready for play

Joachim Strömbergson joachim at secworks.se
Fri Oct 17 06:51:52 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Bernd Paysan wrote:
> Well, if you want ultra-high-speed randomness, you most likely have
> to go to the CPU core itself; ChaCha takes only a few cycles per
> byte, and everything but cache is aleady slower than that.

My core does 1.25 cycles/byte. The clock frequency is way lower than a
modern, desktop/server CPU and can be beaten core for core. But that is
not the point.

The point is - we can build a HSM, an embedded, dedicated, hard wired
and (hopefully) secure system that even in low cost implementation can
deliver high quality random number at Gbps performance. And by
instantiating more cores (and thus increasing cost) can scale the
performance above what you can achieve with CPU cores.

You will not for example achieve similar performance running on the ARM
cores in the CPU on the Novena board.

If you want to build a system that does Tbps random generation using a
32-core x86-64 CPU or even using multiple CPUs then yes, it is quite
possible. But I'm not so sure it will be considered a HSM.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJUQLyHAAoJEF3cfFQkIuyNOFoQAIcmj0sxrftnhys3E4Vvkdl3
n5KKx0kg8FFgpRvk0K4zQzPC4JHQANplvB8o4HfecJAItC9qi+e5yLyqmu5IYvvo
Bs+IdnyyT2PQvrcXdpW+CMPs5BF+fq6/2o+HDWoczFtGgsHCQPYiE9hZeSQP8OTp
VLTVP08jSCcxQh6qcbOFQfrjkNkUP50zN0ycNfzYgMKhQlfj53GvZqAg8Xyqm5gs
srRN+I1iS5p1fQdPIX9nvjc0A4PMpD7ZCB58oqN6co3df1pwuSN8Pg9FP70ZgAoG
QcvDabUt1L8yfumWEoX5AbYyDhd7cfYtNf81otdIXTyi2lwRmgruFsU79E7PKHqG
HUWJvvragav/EegDsvELLpOUVxflUIuHavcj0VLmuIggBtoRBQpSTRJOkvkmorDP
Aipj/QoWLo52o2B2f048cls9k/uKpFJs85d/WauFNXBDHnqpzaMyPrWY5zGkJ+jw
uBR+yiITo8liXOvwG1NdL9P5oPK6Sfs8nevFtnEkFdYXuBx6FayvGP2XwUf/NJrN
6FLhPBRJZMX3Pb/jZT/M7g/M7d5/KNNxvtyjvSRTtR006G8YCUH5L2EGJ+VwL+T1
kMrP1fr6Jg2MgvpV6Kmd2XfP3IfblvtQtqcae1axDJ3zenEgH2iCGM3E7H1ExQsB
SJvav6CJ0bp7ZxGQba9I
=dvwn
-----END PGP SIGNATURE-----


More information about the Tech mailing list