using SRAM state as a source of randomness
alan
alan at clueserver.org
Mon Sep 17 19:31:01 EDT 2007
On Tue, 18 Sep 2007, James A. Donald wrote:
> Using SRAM as a source of either randomness or unique
> device ID is fragile. It might well work, but one
> cannot know with any great confidence that it is going
> to work. It might work fine for every device for a
> year, and then next batch arrives, and it completely
> fails. Worse still, it might work fine on the test
> batch, and then on the production run fail in ways that
> are subtle and not immediately obvious.
And you might get better results from cheaper ram which may fail more
often. (Adding a different sort of randomness.)
I have a friend who is a hardware engineer who is preparing a talk on just
this sort of issue with the state of DRAM chips. It will be interesting
to see what he says. (For those people in Portland, OR, it will be given
at the PLUG Advanced Topics meeting sometime early next year.)
--
Never trust a queue structure designed by a cryptographer.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list