[Cryptech Tech] Alpha board main CPU change
Warren Kumari
warren at kumari.net
Sat May 30 16:15:17 UTC 2015
On Friday, May 29, 2015, Jacob <jacob at edamaker.com> wrote:
>
> Also, realizing that I don't have any of the credentials required to
>>> enter into the sanctum sanctorum of the crypto world, and I know
>>> that this is bordering on heresy, but since M4 has a TRNG, will you
>>> trust it? If yes, what benefit is provided by the noise board, if
>>> any? If not, why would you trust the M4 to manage your external TRNG
>>> and FPGA
>>>
>>
>> As others have stated, no, we won't replace our TRNG with the one inside
>> the M4. And note that the noise board is only one of our noise sources.
>>
>> If the TRNG inside is the same design as in the STM32L06, based on
>> testing with Dieharder it generates good random numbers. But it is a
>> black box. ST does not provide any real information on what the
>> underlying physical process is, how it is used to drive a CSPRNG. And of
>> course no real insight into what is actually on the chip.
>>
>> We could use the TRNG in the M4 as an entropy source to feed the TRNG
>> inside the FPGA (basically a FIFO into which SW could write words
>> consumed during entropy mixing). But replacing the TRNG, no.
>>
>
> I brought up the M4 TRNG issue with a view on any possible subversion of
> its internal design, but I get from you that the issue on hand is much more
> basic - no knowledge what's in it and how it operates - and thus can't be
> fully embraced as a sole actor. Good point.
>
> Jacob
Sure, not as a sole actor, but what about as an additional source, mixed in
with the others? I'm not sure what the latest views on this are - if an
attacker could predict all of the output of the M4 TRNG do they have any
advantage over a design that just doesn't mix this in? Intuitively it feels
like they don't (just pretend that the extra RNG outputs a stream of 0),
but I seem to remember someone knowledgeable saying that N sources of
entropy is better than N + 1, where the attacker controls the +1...
Makes no sense, but then again that's how I often feel when talking about
random :-
W
--
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
---maf
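The question in the message above (does an attacker who can predict, or even control, one extra entropy source gain anything over a design that simply omits it?) turns on two things: whether the attacker's contribution is fixed independently of the honest sources or can be chosen after seeing them, and whether the mixer is linear. The Python below is an added example written for this archive page; it is not code from the original thread or from the Cryptech project. The two mixers (plain XOR and a SHA-256 based one), the three attacker models and the single-byte honest source are constructed for illustration and make no claim about how Cryptech's FPGA actually combines its sources.

```python
import hashlib
import math
from collections import Counter
from typing import Callable, Optional, Sequence

# Constructed input for the example: one honest source swept over every
# single-byte value (so it carries exactly 8 bits), plus one attacker source.
HONEST_SPACE = [bytes([v]) for v in range(256)]


def xor_mix(sources: Sequence[bytes]) -> bytes:
    """Linear mixer: XOR equal-length blocks from every source."""
    n = len(sources[0])
    if any(len(s) != n for s in sources):
        raise ValueError("xor_mix needs equal-length blocks")
    out = bytearray(n)
    for s in sources:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


def hash_mix(sources: Sequence[bytes]) -> bytes:
    """Non-linear mixer: SHA-256 over length-prefixed blocks from every source.
    Illustrative choice for this example, not any particular product's mixer."""
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def output_entropy_bits(mixer: Callable[[Sequence[bytes]], bytes],
                        attacker_choice: Callable[[bytes], bytes],
                        nbytes: Optional[int] = None) -> float:
    """Shannon entropy (bits) of the mixer output, optionally truncated to its
    first nbytes, when the honest source is uniform over HONEST_SPACE and the
    attacker contributes attacker_choice(honest). The attacker knows its own
    contribution, so this is the entropy left from the attacker's point of view."""
    counts = Counter(mixer([h, attacker_choice(h)])[:nbytes] for h in HONEST_SPACE)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


# Attacker models (constructed for the example) ------------------------------

def known_constant(_honest: bytes) -> bytes:
    """Attacker knows (or controls) its source but must commit to it before the
    honest outputs exist, so its value is independent of them. This is the
    'pretend the extra RNG outputs a stream of zeros' case from the thread."""
    return b"\xa5"


def adaptive_cancel(honest: bytes) -> bytes:
    """Attacker sees the honest output first and feeds the mixer a copy of it:
    with XOR this cancels the honest contribution outright."""
    return honest


def adaptive_grind(honest: bytes) -> bytes:
    """Against a hash mixer cancellation is unavailable, but an adaptive attacker
    can grind: try every candidate byte and keep the one giving the output
    property it wants (here, the smallest leading byte). Each extra bit of bias
    doubles the work, and it still requires seeing the honest value first."""
    return min((bytes([c]) for c in range(256)),
               key=lambda c: hash_mix([honest, c])[0])


def summary() -> dict:
    """Remaining output entropy, in bits, for each mixer/attacker combination."""
    return {
        "xor, independent known source": output_entropy_bits(xor_mix, known_constant),
        "hash, independent known source": output_entropy_bits(hash_mix, known_constant),
        "xor, adaptive cancel": output_entropy_bits(xor_mix, adaptive_cancel),
        "hash, adaptive cancel": output_entropy_bits(hash_mix, adaptive_cancel),
        "hash leading byte, no grinding": output_entropy_bits(hash_mix, known_constant, nbytes=1),
        "hash leading byte, adaptive grind": output_entropy_bits(hash_mix, adaptive_grind, nbytes=1),
    }


if __name__ == "__main__":
    for label, bits in summary().items():
        print(f"{label:40s} {bits:5.2f} bits")
```

Read the numbers by row: a source the attacker merely knows, but has to commit to before the honest sources are sampled, costs nothing in either mixer (the 8 honest bits survive intact, which matches the "pretend it outputs zeros" intuition). The N versus N+1 worry is the adaptive case: if the attacker can observe the honest contributions and then supply its own (for example, a software-fed FIFO that is read last), XOR lets it cancel them entirely, while a hash mixer leaves the full digest unpredictable and only allows bounded bias through brute-force grinding. The practical caveat is therefore about ordering and independence of the inputs, not about the number of sources.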