[Cryptography] A TRNG review per day (week?): ATSHA204A has low entropy

dj at deadhat.com dj at deadhat.com
Tue Dec 9 12:10:08 EST 2014

> Since this device does not seem to get any signals such as a clock from
> the
> Raspberry Pi, yet it returns different values after a cold boot on the
> first call to random, I think there is strong evidence that some sort of
> entropy generator does exist on the part.

Clock drift between the Pi and the part's internal clock could be the
source of entropy. It is entirely possible to have the timing of reads
inject entropy into a PRNG. In fact SP800-90A pretty much works this way
if you implement it with a straight face. The DRBG will arrive at a
reseed/generate decision and the timing of your reads will drive the

It could be that the part has a ring oscillator for it's own clock and
there is no entropy source, the variation is all read timing.

If that's what is going on, then looking at the distribution of the first
value over many boots should eliminate more of the external entropy and
get you closer to the internal entropy.

More information about the cryptography mailing list