[Cryptography] A TRNG review per day: OneRNG KickStarter

Bill Cox waywardgeek at gmail.com
Sun Dec 14 21:47:00 EST 2014

If you've followed these discussions, you know I distrust undocumented and
unverifiable hardware RNGs, like Atmel's.  Intel does better - at least
they tell us enough about their hardware RNG for me to fear a power-droop
attack to control it's output.  Some would-be really nice TRNGs such as
TrueRNG almost got there, and then for unexplained reasons failed to
publish schematics.

I started reviewing with OneRNG, and of those I've reviewed, it remains by
far the strongest in terms of real security, IMO.  They are one of only a
handful that understand that hardware RNG security needs to be open, from
schematics and board layout to source code.  They just launched a
KickStarter today.  I've signed up for a OneRNG at the $50 NZD level.

I now sell a hardware RNG USB key on Tindie.  I have various reasons for
doing this, but creating the world's most secure entropy source was not one
of them.  I feel OneRNG did a better job at real security, through solid
engineering.  For real security, I feel like I can trust OneRNG above
everything else I've seen.  I hope future versions of the OneRNG may
include a modular noise multiplier entropy source, but frankly, these guys
built a heck of a trustworthy RNG using what is proven and accepted.

If $50 is not a lot of money to you, I hope you'll join me in supporting
OneRNG.  We need secret generators that we can trust.  Otherwise, how can
we trust crypto at all?  Passwords only?

Non-disclaimer: Not only am I not associated in any way with OneRNG, but I
directly compete with OneRNG with my Infinite Noise RNG.  I have no reason
to promote OneRNG other than my belief that they have built the world's
most trustworthy TRNG.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141214/b5a2acb9/attachment.html>

More information about the cryptography mailing list