[Cryptech Tech] Comments on Alpha board schematics

Bernd Paysan bernd at net2o.de
Wed Jan 27 23:01:45 UTC 2016


On Wednesday, 27 January 2016, 10:34:14, Fredrik Thulin wrote:
> Subject to some kind of policy I presume. I mean, if any/some defined number
> of the entropy sources stop working, we'd better block the CSPRNG if it
> wants to re-seed...

I should mention DJB's "entropy attacks" blog posting: 
http://blog.cr.yp.to/20140205-entropy.html

The bottom line is that as long as the initial entropy at startup was good, 
you can rely on the CSPRNG, and don't reseed too often. If the entropy breaks, 
continue with the old seed, until all nonces are used up for the CSPRNG (not 
going to happen ;-).

BTW: If you want to keep going even when the entropy sources all died, and you 
have non-volatile memory, you can even do that.  After accumulating enough 
entropy to seed the CSPRNG, use it first to generate a new seed to be stored 
in non-volatile memory.  Use that to seed the CSPRNG at next boot, and 
generate a new persistent seed.  An attack vector exists if someone can read 
out that non-volatile memory, but that attack vector also attacks any other 
long-term secret stored there; so if that happens, you are toast, anyways.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*
http://bernd-paysan.de/
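A worked version of the persistent-seed scheme described above, together with the reseed policy Fredrik asked about. This is an added example, not code from the Cryptech project or from the poster; the `HmacDrbg` class, the dict standing in for non-volatile memory, and the 32-byte threshold are constructed assumptions.

```python
"""Persistent-seed CSPRNG bootstrap (constructed example, not Cryptech code).

Each boot mixes the seed kept in non-volatile memory with whatever fresh
entropy is available, seeds the DRBG, and uses the DRBG's *first* output to
overwrite the stored seed before anything else is generated.
"""
import hashlib
import hmac

class HmacDrbg:
    """Minimal HMAC-SHA256 generator (hypothetical name; not NIST HMAC_DRBG)."""
    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(b"seed:" + seed).digest()
        self.counter = 0

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        # Ratchet the key so earlier output cannot be recomputed from later state.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:n]

    def reseed(self, fresh_entropy: bytes, min_bytes: int = 32) -> bool:
        """Mix in fresh entropy only when the sources delivered enough bytes;
        otherwise keep running on the current state and report the refusal."""
        if len(fresh_entropy) < min_bytes:
            return False
        self.key = hmac.new(self.key, fresh_entropy, hashlib.sha256).digest()
        return True

def boot(nv_store: dict, fresh_entropy: bytes) -> HmacDrbg:
    """nv_store is a dict standing in for non-volatile memory (constructed)."""
    stored = nv_store.get("seed", b"")
    if not stored and len(fresh_entropy) < 32:
        # No persistent seed and too little startup entropy: refuse to start.
        raise RuntimeError("insufficient startup entropy")
    drbg = HmacDrbg(stored + fresh_entropy)
    # First output becomes next boot's seed; written before any other use,
    # so a later boot with dead entropy sources still starts from fresh state.
    nv_store["seed"] = drbg.generate(32)
    return drbg
```

The second `boot()` call in a test with empty `fresh_entropy` models the case where every entropy source has died: the device still comes up, and the stored seed is rotated again.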