[Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say

Stephan Mueller smueller at chronox.de
Thu Dec 19 12:04:43 EST 2013


On Thursday, 19 December 2013, 07:56:36, Arnold Reinhold wrote:

Hi Arnold,


>How do we safely initialize Yarrow or another software RNG if the
>CPU's hardware RNG is compromised and there is no other source of
>entropy? This is a situation that is increasingly common in all
>solid-state black box devices, and is especially tricky at first
>startup, when keys used to manage such units are often generated.

There are various implementations of RNGs that use CPU execution timing 
variations as a noise source. That phenomenon is available right from the 
start of the CPU. In fact, the patch in my Jitter RNG [4] for the Linux 
/dev/random would fill the input_pool with entropy during initialization 
at system boot time, early in the boot cycle. This could be done for a 
Yarrow as well. I guess the other RNGs could be used in a similar 
fashion.

So, there are noise sources which do not depend on some black box.

[1] http://www.issihosts.com/haveged/
[2] http://dankaminsky.com/2012/08/15/dakarand/
[3] http://jytter.blogspot.se/
[4] http://www.chronox.de/


Ciao
Stephan
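As an added illustration (not the Jitter RNG's code and not part of the thread): a hypothetical, simplified CPU-timing noise collector in C, with the stuck test that rejects samples showing no timer variation and a coarse-timer check that refuses to hand out output rather than trust it. It assumes a POSIX clock_gettime() with CLOCK_MONOTONIC; the jent_* names and the 16x sample budget are choices made here.

```c
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stddef.h>
#include <time.h>

/* Hypothetical, simplified collector; not the Jitter RNG's own code. */
struct jent_state {
    uint64_t prev_delta, prev_d1;   /* history for the stuck test */
    size_t total, stuck, used;      /* sample statistics */
};
/* Stuck test: reject a sample whose delta, first derivative or second
 * derivative is zero (the timer showed no variation). State always advances. */
static int jent_stuck(struct jent_state *s, uint64_t delta) {
    uint64_t d1 = delta - s->prev_delta, d2 = d1 - s->prev_d1;
    s->prev_delta = delta; s->prev_d1 = d1;
    return delta == 0 || d1 == 0 || d2 == 0;
}

/* One noise sample: time a short memory-walking loop with CLOCK_MONOTONIC. */
static uint64_t jent_sample(void) {
    static volatile uint8_t mem[4096];
    struct timespec a, b;
    clock_gettime(CLOCK_MONOTONIC, &a);
    for (unsigned i = 0, idx = 0; i < 256; i++) {
        idx = (idx * 1103515245u + 12345u) & 4095u;   /* scattered accesses */
        mem[idx] += (uint8_t)i;
    }
    clock_gettime(CLOCK_MONOTONIC, &b);
    return (uint64_t)((b.tv_sec - a.tv_sec) * 1000000000LL + (b.tv_nsec - a.tv_nsec));
}

/* Fold a delta to its parity bit so only the low-order variation is kept. */
static unsigned jent_fold(uint64_t d) {
    d ^= d >> 32; d ^= d >> 16; d ^= d >> 8; d ^= d >> 4; d ^= d >> 2; d ^= d >> 1;
    return (unsigned)(d & 1);
}
/* Fill out[] with 8 non-stuck samples per byte. Returns -1 when the timer is
 * too coarse: over half of all samples stuck, or a 16x sample budget used up. */
static int jent_collect(uint8_t *out, size_t len, struct jent_state *s) {
    size_t budget = len * 8 * 16;
    for (size_t i = 0; i < len; i++) {
        uint8_t byte = 0;
        for (unsigned bit = 0; bit < 8; ) {
            if (s->total++ >= budget) return -1;
            uint64_t d = jent_sample();
            if (jent_stuck(s, d)) { s->stuck++; continue; }
            byte = (uint8_t)((byte << 1) | jent_fold(d));
            s->used++; bit++;
        }
        out[i] = byte;
    }
    return s->stuck * 2 > s->total ? -1 : 0;
}
```

The stuck test and the budget only catch a timer with no variation; how much entropy each parity bit actually carries has to be measured on the target hardware before this output is used to seed anything.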

