[Cryptech Tech] Noise board on Novena

Benedikt Stockebrand bs at stepladder-it.com
Tue Sep 23 19:31:52 UTC 2014


Hi once more,

Joachim Strömbergson <joachim at secworks.se> writes:

> I think you are skipping over the more important issue - that if we
> should or if we shouldn't require a specific interface to external
> entropy sources.

this is largely your call, because you'll eventually have to implement
the FPGA side.  At this point I'd say that Fredrik and I need something
to work with, which happens to be MCUs we're kind of familiar with, to
see how we get the actual noise source to work and provide you with
reference code to re-implement in the FPGA.

But which interface you actually choose is really up to you, or anybody
who knows how painful the various alternatives are on the FPGA side.  If
you're happy with getting Schmitt-triggered (or similar) input on an
input pin, that's perfectly fine with me as well.

> I say that we shouldn't enforce a specific interface,
> but adapt to/accept whatever interface a given entropy source requires
> and its designer fancies. At least to some degree. Not so sure a GBE
> interface would be very good.

Well, I've just seen a 10GBE dual-port card for <500Euro; maybe we
actually *should* consider that:-)

> This means that if _you_ want to use SPI to provide access to your
> entropy source board and can provide the FPGA entropy provider module
> for Cryptech that encapsulates the SPI interface then go for it. I would
> rather prefer to use the single bit Schmitt-triggered noise interface we
> use today, but that's me.

Sounds perfectly good to me.  As far as I'm concerned (or the arrgh
stuff is) I'll make an SMD version of it, let you drop the MCU/FTDI
part for Cryptech, and we'll all have something that works.

> As long as it (the entropy source and its associated entropy provider
> module) can deliver entropy over the fifo-like interface and provide API
> ports for control, access to raw entropy then I'm not going to complain.
> Not much at least.

Now, I'm kind of unhappy with the "alive" pin; this implies that there's
still an MCU checking on the state of the noise interface.  But with the
edge algorithm there shouldn't be much need for that---you'll just
notice that you don't get any more noise bits from that if things fail.


Cheers,

    Benedikt

-- 
Benedikt Stockebrand,                   Stepladder IT Training+Consulting
Dipl.-Inform.                           http://www.stepladder-it.com/

          Business Grade IPv6 --- Consulting, Training, Projects

BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/

