[Cryptech Tech] Discussion: On-line tests for entropy providers in Cryptech

[Benedikt Stockebrand]

Hi folks,

catching up on the list again...

Joachim Strömbergson <joachim at secworks.se> writes:

> I would like to start up a discussion about what on-line tests we are to
> implement in our entropy providers.
> [...]
> One direct question is if it possible to develop a single module and use
> it to monitor all types of entropy sources? At least the types we have
> today (based on avalanche noise and ring oscillators respectively)? Or
> would we need to adapt each on-line test module and the tests it
> implements for every type of entropy source?

In a nutshell, we need different tests for different generators, and not
only for the hardware used but also for the way we extract entropy from
the noise signal.

With the avalanche based stuff Fredrik and I have worked on, and the
algorithm I've proposed, testing is actually pretty simple: If it stops,
then it's broken:-)

Bernd's ROSC however seems significantly more troublesome to me.

It really boils down to figuring out the failure modes with every design
and how to detect them.


Cheers,

    Benedikt

-- 
Benedikt Stockebrand,                   Stepladder IT Training+Consulting
Dipl.-Inform.                           http://www.stepladder-it.com/

          Business Grade IPv6 --- Consulting, Training, Projects

BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/