[Cryptech Tech] Discussion: On-line tests for entropy providers in Cryptech

Joachim Strömbergson joachim at secworks.se
Fri Jan 16 10:33:05 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Bernd Paysan wrote:
> Things easy to implement:
> 
> 1. monitor the rate of output bits of the diode noise after the von
> Neumann extractor - if it drops below a certain rate, the diode is
> considered unhealthy.  That's pretty easy to do, just a timer that
> gets reset with every 32 bits of output, and if that timer overflows,
> signal the "unhealthy" status. I'd say 1/4th of the typical rate (for
> 32 bit words) is a good indication of failure.  You should also add a
> higher rate limit (lower number on the counter).

Good point and shows that we probably want/need specific monitors/health
checks for different entropy providers.

For rosc the situation is a wee bit different since they are
continuously running (at least supposed to). But one could probably
detect if the output from each oscillator (before mixing) changes
frequently enough, or if they oscillates very slowly or are stuck. Does
that sound like a reasonable monitor for rosc?

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJUuOjhAAoJEF3cfFQkIuyNCtUP/ictb5FmBxTO1K7Qvb7okKK7
I+lQMBbfPP+uvpkmM5bMytFMO7JDMbGeWi1PALxjA8ybe2x/gG68lWc/fSQ2Shu3
EI1UPUWZNc/fRDxc3tks3bP2rfPCqTOguDBKtovE8T1VHl0EVg216RbD9EOOH78D
7MUo3raklPH405v84aIc2tzdGtdyenkO7wkRvIHdv9CIQmufZsKsFyLUkl5PvS9N
lGVCP099OVVUIL61cKTJu1oEryRmTAiAKGT6I6m0sl2epLhohun8nwAaaCzi9IhM
Gp2q+uAa7mvqPJ16HXDqeHOTiiIGetKHaP8HeLC7ch4SK0upMYHaMQJWlfeSxexn
TVzMkrFcCgCM4b5mJlvcZDS7mCr0ZUFoN3g0e2J+Ls6i/i30E5w+BbqtTiK1oy9H
UfL2YLLfIw581n5MuhjrX+5q9La6ZJPYjLMjdCUexqSBkOfGiL03xfOUkcb7U47C
pe1Fbe4qxoiFclHlOhgkv9psGixx5Qn8mVWAZAn1kZyqzeIoaxbvcnzJI5DYOg1v
oZXESMRGgGUK9aoqnhONvyhl4FimSUlLm+Rqa6b5mAMMJmhRHKkxdJe/Ok//F7B3
wkLZ4SrD+mKCOOVbAtKt2G6Mtweo381dCMALQReyRsJfsWEdeHfM5ZTEA/nVp572
I96FcICpHvX0CbM7nOev
=Is14
-----END PGP SIGNATURE-----


More information about the Tech mailing list