[Cryptography] An alternative electro-mechanical entropy source (was 'We cannot trust' Intel and Via's chip-based crypto...)

Steve Weis steveweis at gmail.com
Fri Dec 13 13:59:17 EST 2013


On Thu, Dec 12, 2013 at 3:44 AM, Arnold Reinhold <agr at me.com> wrote:
> My problem with the Intel design is that there is no way to audit it.
> ...
> Here is an idea I have been playing with to provide a slow but auditable
> source of entropy.
> ...
> Both the accelerometer chips and the
> vibration motors are made in huge quantities and cost under a dollar in
> quantity.  They can be audited separately. The items could be mounted on the
> motherboard, daughterboard or a USB dongle.

A few comments:
1. You aren't trusting the CPU to generate random numbers, but you're
trusting the motherboard and chipset that your proposed RNG device is
plugged into. You're also ultimately still trusting the CPU which is
consuming those values.
2. How does a CPU authenticate that it's talking to a real, audited
RNG device and not a spoofed device?
3. I think an accelerometer measuring vibrations could be influenced
by the CPU fans, which can be influenced by attackers running userland
processes.

If you try to address these issues, I think you'll end up with
something that looks like a TPM: a cheap device plugged into a bus
with a slow RNG, persistent storage, & crypto functionality that is
supposedly made by a trusted manufacturer.
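The third comment above, that an accelerometer's output can be dominated by a predictable vibration such as a fan, is the kind of failure a defender would want the host to detect before it feeds the samples into a pool. The following is an added example, not code from the thread or from any of the participants: simplified versions of two tests from NIST SP 800-90B (the most common value min-entropy estimate, section 6.3.1, and the repetition count health test, section 4.4.1) run over constructed 8-bit sample streams that stand in for accelerometer readings. No hardware is read; the three sensor models (healthy noise, fan-dominated periodic output, stuck sensor) are assumptions made up for the demonstration.

```python
"""Health checks for a sensor-derived entropy source (added example).

Simplified versions of two NIST SP 800-90B tests, applied to 8-bit
samples standing in for accelerometer readings. All sample streams
below are constructed; no real device is read.
"""
import math
import random
from collections import Counter


def most_common_value_entropy(symbols):
    """Min-entropy estimate in bits per sample (SP 800-90B 6.3.1).

    Upper-bounds the probability of the most frequent symbol with a 99%
    confidence interval and returns -log2 of that bound. Assumes IID
    samples; it is coarse, but it is conservative, which is what a
    startup check wants.
    """
    n = len(symbols)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = Counter(symbols).most_common(1)[0][1] / n
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_upper)


def repetition_count_test(symbols, claimed_entropy, alpha_exponent=20):
    """Continuous health test (SP 800-90B 4.4.1).

    Fails if any symbol repeats consecutively at least C times, with
    C = 1 + ceil(alpha_exponent / H), so a source really delivering H
    bits per sample trips it with probability about 2**-alpha_exponent.
    It catches a stuck or saturated sensor; it does NOT catch a periodic
    one, which is why the entropy estimate above is also needed.
    """
    cutoff = 1 + math.ceil(alpha_exponent / claimed_entropy)
    run, previous = 0, None
    for s in symbols:
        run = run + 1 if s == previous else 1
        previous = s
        if run >= cutoff:
            return False
    return True


def assess(symbols, required_entropy_bits):
    """Return (estimated_bits_per_sample, rct_passed, accepted)."""
    h = most_common_value_entropy(symbols)
    rct_ok = repetition_count_test(symbols, required_entropy_bits)
    return h, rct_ok, (h >= required_entropy_bits and rct_ok)


# Constructed sample streams (assumptions, not measurements).
N = 4096


def noisy_sensor(n=N, seed=1):
    """Stand-in for a healthy sensor: uniform 8-bit readings."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


def fan_dominated_sensor(n=N, period=8):
    """Sensor whose output is a periodic vibration (e.g. a fan running at
    1/8 of the sample rate): a quantized sine wave with no noise term."""
    return [128 + round(100 * math.sin(2 * math.pi * k / period)) for k in range(n)]


def stuck_sensor(n=N, value=200):
    """Saturated or disconnected sensor: a constant reading."""
    return [value] * n


if __name__ == "__main__":
    for name, stream in [("noisy", noisy_sensor()),
                         ("fan-dominated", fan_dominated_sensor()),
                         ("stuck", stuck_sensor())]:
        h, rct_ok, ok = assess(stream, required_entropy_bits=4.0)
        print(f"{name:14s} est={h:5.2f} bits/sample  RCT={'pass' if rct_ok else 'FAIL'}  accept={ok}")
```

The periodic stream passes the repetition count test (no two consecutive readings are equal) yet estimates under two bits per sample, while the stuck stream fails the repetition test outright; running both checks is what separates the two cases. In a real design the sample stream would still be conditioned (hashed) before use, and the 4-bit requirement is a placeholder chosen for the demonstration.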

