[Cryptech Tech] About the TRNG

Joachim Strömbergson joachim at secworks.se
Mon Dec 21 08:25:29 UTC 2015


Aloha!

Jacob wrote:
> I fully understand the trust gained by having a custom made external
> analog TRNG as we do here, but wouldn't it be better to XOR the
> bitstream received from our generator with the one embedded in the
> CPU(*)? I mean, if the CPU's TRNG is tainted, we will not be worse
> off, and if it is not, the board will probably exhibit higher
> security in case our generator would have some issues.

It would reduce the performance since you would add additional
instructions to execute for every word you read out from the TRNG. It
might also open up side channel issues if you could predict the
values from the ST RNG.

I could accept using the ST RNG as an additional entropy source the CPU
could write into the TRNG. The quality of the output from the TRNG
should be (and seems to be) good enough to not start messing with it.

--
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
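
Added example, not part of the original message and not Cryptech code: a Python model of the two options discussed above, XOR on every word read out versus the CPU writing CPU RNG words into the TRNG as extra entropy. All class and function names are hypothetical, the SHA-512 generator is a toy stand-in rather than the Cryptech TRNG design, and both sources are constructed.

```python
import hashlib
import struct

class CountingSource:
    """Constructed stand-in for an entropy source; counts how often it is read."""
    def __init__(self, seed: bytes = b""):
        self.seed, self.reads = seed, 0
    def word(self) -> int:
        self.reads += 1
        digest = hashlib.sha256(self.seed + struct.pack(">I", self.reads)).digest()
        return struct.unpack(">I", digest[:4])[0]

class TaintedSource(CountingSource):
    """Models a fully predictable CPU RNG: every word is the same constant."""
    def word(self) -> int:
        self.reads += 1
        return 0xA5A5A5A5

def xor_on_readout(trng, cpu_rng, n):
    """Option 1: XOR each word read from the TRNG with one CPU RNG word."""
    return [trng.word() ^ cpu_rng.word() for _ in range(n)]

class ToyMixerTrng:
    """Toy hash-based generator with an extra entropy input (assumption, not Cryptech's)."""
    def __init__(self, primary_entropy: bytes):
        self.state = hashlib.sha512(primary_entropy).digest()
        self.counter = 0
    def add_entropy(self, cpu_rng, n_words=8):
        extra = b"".join(struct.pack(">I", cpu_rng.word()) for _ in range(n_words))
        self.state = hashlib.sha512(self.state + extra).digest()
    def word(self) -> int:
        self.counter += 1
        block = hashlib.sha512(self.state + struct.pack(">Q", self.counter)).digest()
        return struct.unpack(">I", block[:4])[0]

def seed_then_read(primary_entropy, cpu_rng, n):
    """Option 2: CPU writes CPU RNG words in as entropy once, then reads output freely."""
    trng = ToyMixerTrng(primary_entropy)
    trng.add_entropy(cpu_rng)
    return [trng.word() for _ in range(n)]
```

In this model the XOR path reads the CPU RNG once per output word, while the seeding path reads it only when entropy is added; in both, a constant CPU RNG leaves the output dependent on the primary source.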

