CPRNGs are still an issue.

Bill Frantz frantz at pwpconsult.com
Sun Dec 14 18:40:10 EST 2008


djm at mindrot.org (Damien Miller) on Friday, December 12, 2008 wrote:

>On Thu, 11 Dec 2008, James A. Donald wrote:
>
>> If one uses a higher resolution counter - sub
>> microsecond - and times multiple disk accesses, one gets
>> true physical randomness, since disk access times are
>> affected by turbulence, which is physically true
>> random.
>
>Until someone runs your software on a SSD instead of a HDD. Oops.

I find myself in this situation with a design I'm working on. I
have an ARM chip, where each chip has two unique numbers burned
into the chip for a total of 160 bits. I don't think I can really
depend on these numbers being secret, since the chip designers
thought they would be useful for DRM. It certainly will do no harm
to hash them into the pool, and give them a zero entropy weight.

The system will be built with SSD instead of HDD, so Damien's
comment hits close to home. I hope to be able to use timing of
external devices (the system communicates with a number of these),
along with a microsecond counter, to gather entropy from clock skew
between the internal clock and the clocks in those devices.

Unfortunately the system doesn't normally have a user, so UI
timings will be few and far between.

Short of building special random number generation hardware, does
anyone have any suggestions for additional sources?

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        | Barack Hussein Obama, President of the United States.
408-356-8506       | Now we can return to being a partner with the rest of
www.periwinkle.com | the world.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
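Bill's plan above (hash the chip IDs in at zero credit; credit only what the device-clock jitter actually earns) as an added example, not code from this thread or from any poster: a hash-chain pool with explicit entropy accounting, plus a most-common-value min-entropy estimate over constructed timestamp pairs. All names, the chip ID and the timestamps are my own constructions.

```python
import hashlib
from collections import Counter
from math import ceil, log2

POOL_BITS = 256  # pool state is one SHA-256 output, so it can never hold more than 256 bits

class EntropyPool:
    """Hash-chain pool: everything is mixed in, but only credited bits count toward seeding."""
    def __init__(self):
        self.state = bytes(32)
        self.credit = 0.0  # conservative estimate of unpredictable bits currently in state

    def mix(self, label: bytes, sample: bytes, credit_bits: float = 0.0) -> None:
        # Length-prefixing the label keeps different sources from forming the same hash input.
        framed = len(label).to_bytes(2, "big") + label + sample
        self.state = hashlib.sha256(self.state + framed).digest()
        self.credit = min(POOL_BITS, self.credit + credit_bits)

    def extract(self, min_credit: float = 128.0):
        if self.credit < min_credit:
            return None  # refuse to produce output from an under-seeded pool
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"next" + self.state).digest()  # one-way step, old state is gone
        self.credit = 0.0  # assume the output consumed everything that was credited
        return out

def skew_samples(local_us, device_ticks):
    """Paired (local us counter, device clock) readings -> jitter: drift is predictable, its change is not."""
    offsets = [loc - dev for loc, dev in zip(local_us, device_ticks)]
    return [b - a for a, b in zip(offsets, offsets[1:])]

def min_entropy_per_sample(samples) -> float:
    """Most-common-value lower bound, the simplest SP 800-90B style estimator."""
    top = Counter(samples).most_common(1)[0][1]
    return -log2(top / len(samples))

def samples_needed(per_sample_bits: float, target_bits: float = 128.0) -> int:
    return ceil(target_bits / per_sample_bits)

def seed_demo():
    pool = EntropyPool()
    # Constructed values: a fake 160-bit chip ID and eight local/device timestamp pairs.
    chip_id = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
    pool.mix(b"chip-id", chip_id, credit_bits=0.0)  # hashed in, but worth nothing
    local_us = [1000, 2003, 3001, 4004, 5002, 6004, 7003, 8006]
    device_ticks = [0, 1000, 2000, 3000, 4000, 5000, 6000, 7000]
    jitter = skew_samples(local_us, device_ticks)
    h = min_entropy_per_sample(jitter)
    pool.mix(b"device-skew", bytes(j & 0xFF for j in jitter), credit_bits=h * len(jitter))
    return pool, jitter, h
```

With these eight readings the estimate is about 1.22 bits per sample, so roughly 105 samples are needed before `extract()` will return anything; the pool still mixes the chip ID in regardless.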