[Cryptography] cheap sources of entropy
Thierry Moreau
thierry.moreau at connotech.com
Wed Jan 29 05:03:37 EST 2014
James A. Donald wrote:
> On 2014-01-29 10:40, Ben Laurie wrote:
>> Unfortunately, though, in low entropy systems it takes a _really_ long
>> time to reach an uncompromised state in the first place.
>
> I don't think there are any low entropy systems.

Indeed there are no low entropy environments. However, the very mission
of a digital system is to methodically provide tidiness out of a mostly
chaotic environment.

>
> You don't need entropy in a hurry unless you are on the network. If on
> the network, attacker cannot know everything about every packet unless he
> has physical access. Hard drive generates a lot of entropy, timing skew
> generates a lot of entropy, and any physical sensor, such as camera or
> microphone, generates lots of entropy.

The problem with these precise measurements (low bits of precise event
timing or physical phenomenon measurements) is that there is no known
usage except as a source of entropy. Then a reasonable system design
might find no justification for preserving these "useless bits" and drop
them early in the acquisition chain (truncation, filtering, hysteresis
algorithm). Such a design approach would even be preferable for processing
determinism, memory efficiency, easier system validation (fewer "useless
bits"-dependent bugs).

Plus, obviously, these precise measurements are system specific and
not part of a vendor commitment with respect to minimal specifications
(e.g. an ambient temperature measurement needs no greater precision than
one degree, so the 0.01 fractional degree happens to exhibit jitter in
one system production batch and turns constant in the next one).

There are no economic incentives for a low-cost manufacturer to commit
to provide a "trusted" source of entropy. Intel did something and now
their design is suspected of a back door by (a portion of) the very
community that requested something to be done.

Somehow this discussion tends to run in circles.

--
- Thierry Moreau
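
Added example, not part of the original message: a small Python check of the acquisition-chain point above, measuring how much min-entropy is left in the low bits of a sensor reading after truncation or hysteresis. The sensor data is constructed (a simulated ambient temperature in hundredths of a degree), and all function names and parameters are assumptions made for illustration.

```python
import math
import random
from collections import Counter

def min_entropy(samples):
    """Most-common-value estimate in bits per sample: log2(1 / p_max).
    Ignores correlation between samples, so it is an upper bound at best."""
    return math.log2(len(samples) / max(Counter(samples).values()))

def raw_readings(n=5000, seed=2014):
    """Constructed data: temperature in hundredths of a degree, slow drift
    of +-0.20 around 21.50 plus Gaussian jitter (sigma 0.04)."""
    rng = random.Random(seed)
    return [round(2150 + 20 * math.sin(i / 500) + rng.gauss(0, 4))
            for i in range(n)]

def low_bits(samples, bits=4):
    """What a collector would harvest: the low-order bits of each reading."""
    return [s & ((1 << bits) - 1) for s in samples]

def truncate(samples, step=100):
    """Driver keeps only the specified precision (one degree)."""
    return [(s // step) * step for s in samples]

def hysteresis(samples, band=100):
    """Driver reports a new value only after a move larger than `band`."""
    out, last = [], samples[0]
    for s in samples:
        if abs(s - last) > band:
            last = s
        out.append(last)
    return out

def stage_entropy():
    """Estimate the low-bit min-entropy at each point of the chain."""
    raw = raw_readings()
    return {
        "raw": min_entropy(low_bits(raw)),
        "truncated": min_entropy(low_bits(truncate(raw))),
        "hysteresis": min_entropy(low_bits(hysteresis(raw))),
    }

if __name__ == "__main__":
    for stage, bits in stage_entropy().items():
        print(f"{stage:10s} {bits:.2f} bits/sample in the low 4 bits")
```

The estimate is only meaningful when taken at the point where the collector actually reads the value, since any stage in front of it may already have removed the jitter.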