[Cryptech Tech] Suggested changes to TRNG
Joachim Strömbergson
joachim at secworks.se
Wed Sep 30 09:40:23 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
Rob Austein wrote:
> At Tue, 29 Sep 2015 18:00:57 +0200, Joachim Strömbergson wrote: ...
>> Comments, ideas, screams and suggestions on these ideas greatly
>> appreciated.
>
> The PRNG makes me a bit nervous. I can see the arguments, but I can
> also see arguments for letting the user decide to exclude it. Which
> brings me to the suggestion:
If you by "PRNG" mean the suggested third pseudo entropy provider I can
understand that there might be issues. But could you try to be more
explicit what in it that makes you a bit nervous? Is it:
(1) Having an internal feedback path from the CSPRNG to the mixer?
(2) Having the pseudo entropy provider be exposed to SW to allow writing
in your own entropy?
The basis for (2) is that a couple of people have said that the ability
to inject your own entropy is something that might be useful and
desirable. My suggestion solution tries to meet those wishes. It is also
fairly close to what you can do to /dev/random in many OSes.
> It would be nice if there were some way other than patching or
> manual editing of trng.v for the build configuration tool to control
> which entropy sources are included. If this means that the
> configuration tool has to generate the TRNG's internal MUX, so be it.
> If we can do it just by having the build configuration file generate
> a file of `defines which trng.v `includes, that's OK too.
Sure. And for the two current entropy providers this would be quite
easy. Basically the same method as we use for the core connector system
with defines for things we want.
For the suggested third entropy provider this can also work, but takes a
slightly more work since if its disabled we want to ensure that the feed
back path and read data mux at the CSPRNG end are removed too. The
synthesis tool will happily remove them for us if we just remove the
entropy provider, but the tool will complain about dangling wires and is
not a very clean way of doing it.
Also, the current entropy providers supports enabling/disabling from the
API. I assume the third one would have this control via API too. So
anybody that don't want to use it could simple disable it and it wont be
used to provide values to the mixer.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJWC64HAAoJEF3cfFQkIuyN6zkQAJHW7Ql42OF/bldTs1b0mxD7
MtZQbeRi1YQVl/lDORUBc09USIW8DCKD/Jie1h1wd4Dn2/LOB2zkt0vyUTbaQaUU
fM1yqcqb/Qz9Jjt8BmLrQNeMEqmNDlM+Ks/cy/ee6Q/aPSuk1c2zqmcFSJ1JzuCG
FbY680vfiGL+As590T/zD0+Fzj4XUBw6ds2+AtJ3S+IgNsgAwlmd6+B92BEMvxSE
RCmxPiiPX+rOunrJn8q3AUN/G+aRDFlrn2S9H+cRUGcJWmOV8nqnS1iO169zb2x7
65q1p6e71pv/EwS3cSYYcoWQoRxS47J7zUVQ7FOKV/3w1huai6jSGrr+J8VAWpqW
CilMu+jJMK3gW1lG7IBrgepObKdxswIaJEyg+66QxjbQk+kFPiQ1mWjtBvEamG34
SW+mW6oE7dHaack+wqDDjSxhgjsDWG4t/plmr/24nQ8EX0YyjHNxzontZu6xZpFz
ZSp4+eFopj7MnGYz5Bl9bypl+d3Tz75E9DyXx3smNJ0c9mqmUBzGD8J2Hm4ukjfy
/vvbDQAYDOHi8HJMUJi3NWTccqlED6eSoSpur2OsXuzSFH7kD96l+SqncOgBbZf5
Q5Sz1wKTvxsa9ljD2LKK1llqVH3R4ehjpqgDTLoTE91yd3HlDE4woaHph5+32NOv
9gepld+BDcHh1qMfD7Jo
=o3sI
-----END PGP SIGNATURE-----
More information about the Tech
mailing list