[Cryptech Tech] Suggested changes to TRNG

Fredrik Thulin fredrik at thulin.net
Wed Sep 30 06:58:18 UTC 2015


On Tuesday, September 29, 2015 01:40:55 PM Russ Housley wrote:
...
> > (3) One thing we have discussed is to add a third entropy provider - a
> > pseudo random provider. It would serve one, possibly two purposes:
> > 
> > 1. As a feedback path from the csprng to the mixer. The first X words
> > extracted after a reseed are never provided to application, but instead
> > fed back into a fifo (what the entropy provider is). This means that we
> > now have a feedback path and internal state that should make it much
> > harder for an attacker to control the state generating the seeds.
> > 
> > 2. As a way for applications to add entropy. The fifo in the third
> > entropy provider can be made available for writing data.
> 
> Is there overlap with (2)?  Is the feedback running all of the time or just
> the first X words?

I would hope the feedback from the CSPRNG back into the mixer runs all the
time (at some rate).

Not as a response to you (Russ) but if the mixer's state at start up is assumed
to be known or partially known, feeding the mixer with the first X words from
the CSPRNG won't necessarily do much good. Better to let other factors (such
as other consumers of the CSPRNG output) stir up the state and affect what is
fed back.

/Fredrik
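The point made in the thread, as an added toy simulation that is not Cryptech code: a mixer with a known start-up state, a CSPRNG reseeded from it, and a feedback FIFO filled either with the first X words after each reseed or continuously (every k-th word), with no fresh external entropy so that only the feedback path can vary the seeds. The SHA-512 mixer, SHA-256 counter-mode CSPRNG, and the round structure are assumptions of this example.

```python
import hashlib
from collections import deque

WORD = 4  # bytes per 32-bit word

class Mixer:
    """Toy mixer: a running SHA-512 over everything absorbed (assumed model)."""
    def __init__(self, initial_state):
        self.state = initial_state            # assumed known to the attacker
    def absorb(self, data):
        self.state = hashlib.sha512(self.state + data).digest()
    def seed(self):
        return hashlib.sha256(self.state).digest()

class Csprng:
    """Toy CSPRNG: SHA-256 in counter mode under the current seed."""
    def __init__(self):
        self.key, self.ctr = b"", 0
    def reseed(self, seed):
        self.key, self.ctr = seed, 0
    def word(self):
        out = hashlib.sha256(self.key + self.ctr.to_bytes(8, "big")).digest()[:WORD]
        self.ctr += 1
        return out

def run(policy, demand, x=4, k=8):
    """Simulate one reseed per round with no external entropy, so the only thing
    that can change the seeds is what the feedback path puts into the FIFO.
    demand[i] = words consumed by applications during round i (constructed)."""
    mixer, prng, fifo = Mixer(b"known-initial-state"), Csprng(), deque()
    seeds = []
    for words in demand:
        mixer.absorb(b"".join(fifo))      # reseed: mixer eats the FIFO contents
        fifo.clear()
        s = mixer.seed()
        seeds.append(s)
        prng.reseed(s)
        if policy == "first_x":
            for _ in range(x):
                fifo.append(prng.word())  # first X words never reach applications
        delivered = 0
        while delivered < words:
            w = prng.word()
            if policy == "continuous" and prng.ctr % k == 0:
                fifo.append(w)            # every k-th word is diverted to the FIFO
            else:
                delivered += 1            # word handed to an application
    return seeds
```

With "first_x" the FIFO content is a pure function of the seed, so two runs with different application demand produce identical seed sequences; with "continuous" the amount diverted depends on how much other consumers pulled, so the sequences diverge after the first round.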
