[Cryptography] A TRNG review per day (week?): ATSHA204A has low entropy

Jerry Leichter leichter at lrw.com
Tue Dec 9 15:29:20 EST 2014

On Dec 9, 2014, at 12:10 PM, dj at deadhat.com wrote:
> It could be that the part has a ring oscillator for it's own clock and
> there is no entropy source, the variation is all read timing....
It's easy enough to make a ring oscillator whose frequency drifts and which is sensitive to things like temperature.  In fact, you have to design it properly to *avoid* such effects.  A "badly implemented" ring oscillator would itself be a source of entropy.

*How much* real, usable entropy is the important question, however.  And how easy is it for an attacker to either (a) build a model of a particular ring oscillator on a particular part based on observations of its behavior and then predict what it will do; (b) *influence* what it will do using techniques like RF fields.

For low- to medium-security use in suitably controlled environments, this might be a "good enough" solution - but you'd need a careful analysis to really say.
                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141209/9342d1cc/attachment.bin>

More information about the cryptography mailing list