[Cryptography] cheap sources of entropy

Bill Frantz frantz at pwpconsult.com
Mon Jan 20 16:04:59 EST 2014 

On 1/20/14 at 9:54 AM, pinterkr at gmail.com (Krisztián Pintér) wrote:
>collecting entropy is easy. extracting entropy is also easy. providing
>a general solution that reliably produces entropy is hard. just as an
>example, take this camera project. the following questions come up,
>from the top of my head:

No hardware device should be trusted unless it passes periodic 
tests. Most computer hardware is tested automatically as part of 
its normal operation. Lets look at the following "what ifs" for 
random number generation with a camera pointed at streamers in a 
fan, or a fish tank, or leaves on a tree. Because these 
arguments apply to much simpler hardware random generators, I am 
going to assume no back doors in the camera.

One issue that is almost never revealed in these discussions is 
how random number generation fits into the specific situation. 
Ian's ceremonies are far different from someone building an OTP 
system because it is "theoretically perfect", ignoring all the 
major engineering difficulties that the theory ignores. The 
following tests should work for ID dongles, DSA signing, session 
key generation, etc.

Let's use one of the statistical random number tests. These will 
detect certain failure modes, e.g. all ones, reliably. They will 
also have a certain number of false positives. We deal with the 
false positives by not trusting the output after a test failure 
until a subsequent test has passed, logging the failure for 
human attention.

>- what if the camera breaks?
The result will be all ones or oll zeros, no problem.

>- what if the camera entropy production degrades with time?
This is an unlikely situation since aging generally results in 
more, not less, noise. However the test will fail due to too 
much repetition in the output.

>- what if lighting conditions change?
How is this situation different from "degrades with time"?

>- what if the driver is updated, and starts filtering noise?
Ditto.

>- what if the driver is updated, and stops producing data?
Ditto. No data should be easy to detect.

>- what if temperature variations affect entropy production?
Ditto.

>- what if an attacker can listen on in EM, and read your camera output?
You're hosed. Don't allow it.

>- what if another software on the same machine can read camera output?
Ditto. Get a good OS, or configure the one you are using correctly.

>- what if the janitor accidentally unplugs the camera?
How is this situation different from the camera breaking above?

If this approach isn't good enough, replicate it several times 
and combine the outputs.

Cheers - Bill


--------------------------------------------------------------
Bill Frantz        | There are now so many exceptions to the
408-356-8506       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident.  -  William Hugh Murray

More information about the cryptography mailing list