[Cryptography] A TRNG review per day: OneRNG KickStarter
Bill Cox
waywardgeek at gmail.com
Sun Dec 14 21:47:00 EST 2014
If you've followed these discussions, you know I distrust undocumented and
unverifiable hardware RNGs, like Atmel's. Intel does better - at least
they tell us enough about their hardware RNG for me to fear a power-droop
attack to control it's output. Some would-be really nice TRNGs such as
TrueRNG almost got there, and then for unexplained reasons failed to
publish schematics.
I started reviewing with OneRNG, and of those I've reviewed, it remains by
far the strongest in terms of real security, IMO. They are one of only a
handful that understand that hardware RNG security needs to be open, from
schematics and board layout to source code. They just launched a
KickStarter today. I've signed up for a OneRNG at the $50 NZD level.
I now sell a hardware RNG USB key on Tindie. I have various reasons for
doing this, but creating the world's most secure entropy source was not one
of them. I feel OneRNG did a better job at real security, through solid
engineering. For real security, I feel like I can trust OneRNG above
everything else I've seen. I hope future versions of the OneRNG may
include a modular noise multiplier entropy source, but frankly, these guys
built a heck of a trustworthy RNG using what is proven and accepted.
If $50 is not a lot of money to you, I hope you'll join me in supporting
OneRNG. We need secret generators that we can trust. Otherwise, how can
we trust crypto at all? Passwords only?
Non-disclaimer: Not only am I not associated in any way with OneRNG, but I
directly compete with OneRNG with my Infinite Noise RNG. I have no reason
to promote OneRNG other than my belief that they have built the world's
most trustworthy TRNG.
BillS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141214/b5a2acb9/attachment.html>
More information about the cryptography
mailing list