[Cryptech Tech] About the TRNG

[Jacob]

On 12/19/2015 12:39 AM, Fredrik Thulin wrote:
> On Saturday, December 19, 2015 12:22:23 AM Jacob wrote:
>> A question to the experts:
>>
>> I fully understand the trust gained by having a custom made external
>> analog TRNG as we do here, but wouldn't be better to XOR the bitstream
>> received from our generator with the one embedded in the CPU(*)? I mean,
>> if the CPU 's TRNG is tainted, we will not be worse off, and if it is
>> not, the board will probably exhibit higher security in case our
>> generator would have some issues.
>>
>
> In general, I believe you are right. If you have good entropy, even XORing it with 0xff..ff won't
> reduce the entropy. However, there is a special case where a malicious producer of the
> value(s) that will be XORed into the stream is able to observe the other entropy stream.
>
> So, if the STM32 RNG could actually observe the data read from the external avalance noise
> before returning data that will be XORed into the stream from the external avalanche noise...
> it could actually cancel out the entropy from the external source.
>
> /Fredrik
>
>

But if this is the case, then it means that the malicious observer has 
control of the CPU, so all bets are off and nothing is secured.