using SRAM state as a source of randomness
Joachim Strömbergson
Joachim at Strombergson.com
Mon Sep 24 11:12:39 EDT 2007
Aloha!
Peter Gutmann skrev:
> So RAM state is entropy chicken soup, you may as well use it because it can't
> make things any worse, but I wouldn't trust it as the sole source of entropy.
Ok, apart from the problems with reliable entropy generation. I'm I
right when I get a bad feeling when I think about the implications of
how the device ID is established.
As I understand it, the device itself doesn't know it's ID. Instead you
repeatedly send over mem dumps to the reader which then extracts what it
(to some estimated degree) consider to be the correct ID.
Wouldn't a "simple" thing like a challenge response and become much more
complicated - and insecure?
Basically the device goes from saying: "I'm ID XYZ and to prove it by
providing the following response to your challange", to "I'm an amnesiac
device and here are my mem dump", please calculate my ID (please
remember to power-cycle me x times) and then I'll send a response."
Also, wouldn't the ID-scheme presented in the paper take a very long
time. Transferring 256 Bytes * x times + hamming calc (by the host) vs
reading 64 bits (or similar ID length)?
I give the paper plus marks for novelty, but can't see how to use this
in a secure, practical and cost efficient way.
--
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Kryptoblog - IT-säkerhet på svenska
http://www.strombergson.com/kryptoblog
========================================================================
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list