[Cryptech Tech] Suggested changes to TRNG

Joachim Strömbergson joachim at secworks.se
Tue Oct 6 12:01:44 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Basil Dolmatov wrote:
>> It cannot reflect changes (including ageing as well as tweaking and
>> tampering), so it cannot be used as the reason to set "OUTPUT_GOOD"
>> signal.

Exactly. And I've never suggested anything to that effect. At least not
intentionally.

The output good signal will be based on startup tests. And during
production tests by online tests that constantly monitors the entropy
providers as well as the output of the csprng.

The _only_ reason for the warmup delay is to avoid possibly really bad
entropy that appears directly after configuration and system startup. To
give the physical processes time to become less predictable.

It is my guess that this is esp true for the rosc based entropy provider
since the oscillators will always be in a defined state directly after
FPGA configuration. Letting the oscillators free run for a while before
starting to collect entropy from them seems prudent to me.

This is the only purpose of the functionality I've added.

One could of course spend a fair bit of time measuring the behaviour of
the entropy providers at time zero and then a number of times up to some
limit (seconds, minutes) and try to come up with a number where initial
conditions seems to have disappeared. Something for a later time. Right
now I just kill a bunch of ms which means that the rosc oscillators runs
for several millions of cycles before using them.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJWE7goAAoJEF3cfFQkIuyNmoIQALRdSF+kAnjqUWmT38MSPvPe
li/eW/3Q/euc0LpxF841WC2G3IiXvP3ueaA+Gdy2UQyYSRE6Rh+z5WBa2wKseL9P
3q9+pdZ7v5DFaS5sskCOHl1NKxCgAR23TsSfP1LDqyOqXX5E/uSVTjkjtA8NwoR6
KynNsBXRjVXwBvDtIki63HbJRbuRMLNSAqApkUETPRuzVQsDbN2bXm0zhYh3S5Zj
80X7Fj9/ebyPfW5vJBzyx5/2xt9g7NRG6Z42VDD1Rww1H4bq6v7pcJ94gBy3QWtY
+9Q8GxCb9GSEIF79pYEC252Xu47FRfe34KGvFpb8TBMcaHk3oYqzpSzkb8q33FR1
ODLHdYIVpx5zqfWrcH5Qb5NvJudWTl3viFEg2QSj/QCcc5addW0GkSs8S5zXeRHv
Pbr0TvkAKjWMyafpSRZOUkq/W5BWrnRANm61UxchJ8ACWgCTOjXOi9Fvha51Wd2z
hmnN3mS8Bc+x9zGBlXTxLfJXFWRUtUbHzsZ1uq2K7T0VD8GaGDh1DeN+OGpIjWUK
vtPcIJb6ys3fs5BpNpmV/1L4/W23jZ+MRBxbTk6iprwJizIB+b24s6rsH8VydYt9
4oeTDqkPtBUqZW/+NyMzAVtDU24aZehHlcMLAqi6cnDbnS+gL+TCvP4An6fxEJbJ
teF4cTL2Hz81nR4zOAd6
=t5L1
-----END PGP SIGNATURE-----


More information about the Tech mailing list