[Cryptography] Thoughts on hardware randomness sources
Marcus D. Leech
mleech at ripnet.com
Tue Sep 10 12:30:06 EDT 2013
On 09/10/2013 12:04 PM, Rob Kendrick wrote:
>> I wonder what people's opinions are on things like the randomsound
>> daemon that is available for Linux.
> Daniel Silverstone, the author, specifically advises people to not use
> it. :)
I haven't actually looked at the code. Conceptually, anything with an
ADC can produce thermal and/or 1/f noise in the lowest-order bits.
Even if it's somewhat biased (like having 60Hz hum embedded in it),
with a suitable whitening function, it should produce
high-quality entropy at rates of at least several hundred bits/second.
The idea is to have *diversity* of physical random sources, to make it
difficult for "bad actors" to subvert said hardware.
It's fairly easy to "audit" these sources of random bits, since said
bits won't have had any processing done to them in support of their random
properties (unlike the Intel HW RNG).
But this is just one aspect of a much larger problem of "trusting trust"
(in the Thompson sense).
Shirleys Bay Radio Astronomy Consortium
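
The raw-bit audit and whitening step described in the message above, as an added example (not part of the original post and not randomsound's code). It assumes SHA-256 as the whitening function, which the post does not name, and a simulated ADC built from a seeded PRNG; all function names are illustrative.

```python
import hashlib
import math
import random

def simulated_adc(n, fs=8000, hum_amp=2000.0, noise_sigma=3.0, seed=1):
    """Constructed stand-in for a sound-card ADC: 60 Hz hum plus Gaussian noise.
    A seeded PRNG is NOT an entropy source; it only makes the demo repeatable."""
    rng = random.Random(seed)
    return [int(round(hum_amp * math.sin(2 * math.pi * 60 * i / fs)
                      + rng.gauss(0.0, noise_sigma))) for i in range(n)]

def raw_lsbs(samples):
    """Keep only the lowest-order bit of each sample: the raw, auditable stream."""
    return [s & 1 for s in samples]

def min_entropy_per_bit(bits):
    """Most-common-value estimate with an upper confidence bound (z = 2.576).
    It sees bias only, not correlation, so treat the result as an upper bound."""
    n = len(bits)
    p = max(sum(bits), n - sum(bits)) / n
    p_u = min(1.0, p + 2.576 * math.sqrt(p * (1 - p) / (n - 1)))
    return -math.log2(p_u)

def whiten(bits, h_per_bit, safety=2.0, out_bits=256):
    """Hash-condition raw bits, emitting one SHA-256 block per chunk that is
    credited with safety * out_bits of estimated min-entropy."""
    if h_per_bit <= 0:
        return []  # source looks stuck: emit nothing
    need = math.ceil(safety * out_bits / h_per_bit)
    blocks = []
    for start in range(0, len(bits) - need + 1, need):
        chunk = bits[start:start + need]
        packed = bytes(
            sum(b << k for k, b in enumerate(chunk[i:i + 8]))
            for i in range(0, len(chunk), 8))
        blocks.append(hashlib.sha256(packed).digest())
    return blocks

if __name__ == "__main__":
    bits = raw_lsbs(simulated_adc(20000))
    h = min_entropy_per_bit(bits)
    print(f"raw ones fraction {sum(bits)/len(bits):.4f}, min-entropy/bit <= {h:.3f}")
    print(f"{len(whiten(bits, h))} conditioned 256-bit blocks")
```

The estimate is computed on the raw bits before any hashing, which is the stage at which a source like this can be audited; the hashed output looks uniform regardless of how poor the input is.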