[Cryptech Tech] About the TRNG

Jacob jacob at edamaker.com
Fri Dec 18 22:52:54 UTC 2015


On 12/19/2015 12:39 AM, Fredrik Thulin wrote:
> On Saturday, December 19, 2015 12:22:23 AM Jacob wrote:
>> A question to the experts:
>>
>> I fully understand the trust gained by having a custom made external
>> analog TRNG as we do here, but wouldn't it be better to XOR the bitstream
>> received from our generator with the one embedded in the CPU(*)? I mean,
>> if the CPU's TRNG is tainted, we will not be worse off, and if it is
>> not, the board will probably exhibit higher security in case our
>> generator would have some issues.
>>
>
> In general, I believe you are right. If you have good entropy, even XORing it with 0xff..ff won't
> reduce the entropy. However, there is a special case where a malicious producer of the
> value(s) that will be XORed into the stream is able to observe the other entropy stream.
>
> So, if the STM32 RNG could actually observe the data read from the external avalanche noise
> before returning data that will be XORed into the stream from the external avalanche noise...
> it could actually cancel out the entropy from the external source.
>
> /Fredrik
>
>

But if this is the case, then it means that the malicious observer has
control of the CPU, so all bets are off and nothing is secured.
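As an added illustration, not part of the thread, here is a small Python model of the two cases discussed above: an independent on-chip RNG XORed into the external avalanche stream, versus Fredrik's special case of a source that observes the external bytes and echoes them back so the XOR cancels. It also shows a hash-based combiner, which the thread does not discuss, that does not cancel in that case; all sources are simulated with os.urandom and the function names are my own.

```python
import hashlib
import math
import os
from collections import Counter


def avalanche_source(n: int) -> bytes:
    """Stand-in for the external avalanche-noise TRNG (simulated with os.urandom)."""
    return os.urandom(n)


def honest_cpu_rng(n: int, observed: bytes) -> bytes:
    """An independent on-chip RNG: it never looks at the external stream."""
    return os.urandom(n)


def constant_ff_rng(n: int, observed: bytes) -> bytes:
    """A worthless but non-adaptive source (0xff..ff); XORing it in only inverts bits."""
    return b"\xff" * n


def cancelling_cpu_rng(n: int, observed: bytes) -> bytes:
    """Fredrik's special case: a source that can see the external bytes and
    echoes them, so the XOR below yields all zeros."""
    return observed[:n]


def xor_mix(external: bytes, cpu_rng) -> bytes:
    """Combine the external stream with the CPU source by XOR."""
    cpu = cpu_rng(len(external), external)
    return bytes(a ^ b for a, b in zip(external, cpu))


def hash_mix(external: bytes, cpu_rng, chunk: int = 32) -> bytes:
    """Alternative combiner (not from the thread): hash ext||cpu per chunk.
    An echoing source cannot cancel the external contribution here."""
    out = bytearray()
    for i in range(0, len(external), chunk):
        ext = external[i:i + chunk]
        out += hashlib.sha256(ext + cpu_rng(len(ext), ext)).digest()
    return bytes(out)


def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte distribution (max 8.0)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())
```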


