using SRAM state as a source of randomness

Joachim Strömbergson Joachim at
Mon Sep 24 11:12:39 EDT 2007


Peter Gutmann wrote:
> So RAM state is entropy chicken soup, you may as well use it because it can't
> make things any worse, but I wouldn't trust it as the sole source of entropy.

Ok, apart from the problems with reliable entropy generation. Am I 
right when I get a bad feeling when I think about the implications of 
how the device ID is established?

As I understand it, the device itself doesn't know its ID. Instead you 
repeatedly send over mem dumps to the reader which then extracts what it 
(to some estimated degree) considers to be the correct ID.

Wouldn't a "simple" thing like a challenge response become much more 
complicated - and insecure?

Basically the device goes from saying: "I'm ID XYZ and I prove it by 
providing the following response to your challenge", to "I'm an amnesiac 
device and here is my mem dump, please calculate my ID (please 
remember to power-cycle me x times) and then I'll send a response."

Also, wouldn't the ID scheme presented in the paper take a very long 
time? Transferring 256 Bytes * x times + Hamming calc (by the host) vs 
reading 64 bits (or similar ID length)?

I give the paper plus marks for novelty, but can't see how to use this 
in a secure, practical and cost-efficient way.

With kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
Kryptoblog - IT security in Swedish
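
A reader-side sketch of the identification flow the post describes, added here as an example (not code from the post or from the paper it discusses). The per-bit majority vote, the 10% acceptance threshold, the 5% bit-flip noise, the enrollment table and the tag names are all assumptions made for illustration.

```python
import random

DUMP_BYTES = 256  # dump size mentioned in the post

def power_up_dump(fingerprint: bytes, noise: float, rng: random.Random) -> bytes:
    """Simulate one power cycle: each SRAM bit flips with probability `noise`."""
    out = bytearray(fingerprint)
    for i in range(len(out) * 8):
        if rng.random() < noise:
            out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def majority_vote(dumps: list[bytes]) -> bytes:
    """Reader side: per-bit majority over x dumps (x should be odd)."""
    out = bytearray(len(dumps[0]))
    for i in range(len(out) * 8):
        ones = sum(d[i // 8] >> (i % 8) & 1 for d in dumps)
        if ones * 2 > len(dumps):
            out[i // 8] |= 1 << (i % 8)
    return bytes(out)

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def identify(dumps: list[bytes], enrolled: dict[str, bytes], max_fraction: float = 0.1):
    """Return (device name or None, Hamming distance, bytes transferred)."""
    estimate = majority_vote(dumps)
    name, ref = min(enrolled.items(), key=lambda kv: hamming(estimate, kv[1]))
    dist = hamming(estimate, ref)
    limit = max_fraction * len(ref) * 8  # assumed acceptance threshold
    return (name if dist <= limit else None), dist, sum(len(d) for d in dumps)

def demo():
    # Constructed sample data: three enrolled fingerprints and one unenrolled device.
    rng = random.Random(2007)
    enrolled = {n: rng.randbytes(DUMP_BYTES) for n in ("tag-A", "tag-B", "tag-C")}
    known = identify([power_up_dump(enrolled["tag-B"], 0.05, rng) for _ in range(5)],
                     enrolled)
    stranger = rng.randbytes(DUMP_BYTES)
    unknown = identify([power_up_dump(stranger, 0.05, rng) for _ in range(5)],
                       enrolled)
    return known, unknown

if __name__ == "__main__":
    print(demo())
```

With x = 5 power cycles the reader receives 1280 bytes before it can name the device, against the 8 bytes of a stored 64-bit ID.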
