using SRAM state as a source of randomness

alan alan at
Mon Sep 17 19:31:01 EDT 2007

On Tue, 18 Sep 2007, James A. Donald wrote:

> Using SRAM as a source of either randomness or unique
> device ID is fragile.  It might well work, but one
> cannot know with any great confidence that it is going
> to work.  It might work fine for every device for a
> year, and then next batch arrives, and it completely
> fails.  Worse still, it might work fine on the test
> batch, and then on the production run fail in ways that
> are subtle and not immediately obvious.

And you might get better results from cheaper ram which may fail more 
often.  (Adding a different sort of randomness.)

I have a friend who is a hardware engineer who is preparing a talk on just 
this sort of issue with the state of DRAM chips.  It will be interesting 
to see what he says.  (For those people in Portland, OR, it will be given 
at the PLUG Advanced Topics meeting sometime early next year.)

Never trust a queue structure designed by a cryptographer.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list