[Cryptography] A TRNG review per day (week?): ATSHA204A has low entropy

Bill Cox waywardgeek at gmail.com
Fri Dec 5 10:31:23 EST 2014


The first time I turned off update_seed, only 164 unique 32-byte values
were ever returned by "hashlet random".  Then I called "hashlet random"
exactly once with update_seed on.  After that, with update_seed off, only
124 unique 32-byte values were ever returned by "hashlet random".

It looks likely that no more than 8 bits of true randomness are mixed into
the seed each time the random function is called.

I suspect this chip's crypto is fully breakable due to its poor entropy
source, if you know the starting seed and know the update algorithm.  IMO,
the use of the EEPROM seed seems most likely to be nothing but a way to
mask that the crypto on this chip is back-doored.

Can anyone else verify this?  If what I think I am seeing is real, I
certainly hope this part is not being used in new systems for any security
purpose.

Bill
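As an added example (my own code, not anything from Bill's post, the hashlet tool, or Atmel): a Python script with a hypothetical model of a generator that mixes only a few bits of fresh noise into a fixed seed per call, alongside the unique-count and naive min-entropy checks one would run on outputs captured from any TRNG. The WeakSeededRng class, the all-zero seed and the 8-bit noise width are assumptions for illustration, not the chip's actual design.

```python
import hashlib
import math
import os
import random


def unique_count(samples):
    """Distinct outputs among the collected values (bytes or hex strings)."""
    return len(set(samples))


def min_entropy_estimate(samples):
    """Most-common-value min-entropy estimate in bits: -log2(p_max).
    A healthy 32-byte TRNG sampled n times should approach log2(n)."""
    counts = {}
    for s in samples:
        counts[s] = counts.get(s, 0) + 1
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)


class WeakSeededRng:
    """Hypothetical model (assumption, NOT the ATSHA204A's real algorithm):
    each call hashes a 32-byte seed with only `entropy_bits` bits of fresh
    noise. With the seed fixed (update_seed off) at most 2**entropy_bits
    distinct outputs can ever appear, mirroring the ~128-164 values seen."""

    def __init__(self, seed, entropy_bits=8, noise_seed=0):
        self.seed = seed
        self.entropy_bits = entropy_bits
        self.noise = random.Random(noise_seed)  # deterministic stand-in for the noise source

    def random(self, update_seed=False):
        noise = self.noise.getrandbits(self.entropy_bits).to_bytes(4, "big")
        out = hashlib.sha256(self.seed + noise).digest()
        if update_seed:  # only then does fresh noise accumulate in the seed
            self.seed = out
        return out


def compare(n=5000):
    """Collect n draws from the weak model and from os.urandom and score both."""
    weak = WeakSeededRng(b"\x00" * 32, entropy_bits=8)
    weak_samples = [weak.random(update_seed=False) for _ in range(n)]
    good_samples = [os.urandom(32) for _ in range(n)]
    return {
        "weak_unique": unique_count(weak_samples),
        "weak_min_entropy": min_entropy_estimate(weak_samples),
        "good_unique": unique_count(good_samples),
        "good_min_entropy": min_entropy_estimate(good_samples),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.2f}" if isinstance(value, float) else f"{key}: {value}")
```

To check a real device, feed the hex lines captured from repeated `hashlet random` calls into unique_count and min_entropy_estimate instead of the model's output.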