[Cryptography] A TRNG review per day (week?): ATSHA204A has low entropy
Jerry Leichter
leichter at lrw.com
Tue Dec 9 15:29:20 EST 2014
On Dec 9, 2014, at 12:10 PM, dj at deadhat.com wrote:
> It could be that the part has a ring oscillator for it's own clock and
> there is no entropy source, the variation is all read timing....
It's easy enough to make a ring oscillator whose frequency drifts and which is sensitive to things like temperature. In fact, you have to design it properly to *avoid* such effects. A "badly implemented" ring oscillator would itself be a source of entropy.
*How much* real, usable entropy is the important question, however. And how easy is it for an attacker to either (a) build a model of a particular ring oscillator on a particular part based on observations of its behavior and then predict what it will do; (b) *influence* what it will do using techniques like RF fields.
For low- to medium-security use in suitably controlled environments, this might be a "good enough" solution - but you'd need a careful analysis to really say.
-- Jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141209/9342d1cc/attachment.bin>
More information about the cryptography
mailing list