[Cryptography] RAM memories as one source of entropy

John Kelsey crypto.jmk at gmail.com
Sun Mar 2 08:31:03 EST 2014

> On Feb 13, 2014, at 11:51 PM, Jerry Leichter <leichter at lrw.com> wrote:
[Discussion of using off the shelf RAM chips to get entropy via uninitialized reads]
> I've become very suspicious of all approaches like this.  They rely on details of current-generation technologies - often *side effects* of details of current technologies.  The problem is that technologies change very rapidly.  They actually sometimes change on time scales comparable to research completion/ publication delays!  And those changes can quickly render older work obsolete.

Amen!  These sources of "found" entropy seem like they can play a valuable role in providing some extra fallback security, but you can't really rely on them to seed your DRBG securely.  For that, you want something purpose-designed and analyzed.

> If you want *physical* randomness, you need to rely on basic physical principles.  Denker's work is one example; generators based on radioactive decay (*carefully* analyzed - there are traps for the unwary here) are another.  A bit of quick hacking with some chips you happen to have sitting on your desk just ain't gonna do it....

Actually, it probably will.  It's not all that hard to get a fair bit of entropy.  The problem is designing a system that you *know* gives you a certain amount of entropy, and that scales so that millions of people can reliably use it, and it doesn't break the next time someone puts out a new OS revision or hardware version.

> -- Jerry
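Kelsey's point above is that collecting some bits is easy; knowing how much entropy they carry, in a way that holds up under health testing, is the hard part. The following Python is an added example (mine, not from this thread or its authors) that applies a most-common-value min-entropy estimate and a repetition-count health test, in the form SP 800-90B uses, to two constructed sample streams: one mimicking a "found" source whose cells mostly power up to the same value, and one ideal uniform byte source.

```python
import math
from collections import Counter

def mcv_min_entropy(samples, bits_per_sample=8):
    """Most-common-value min-entropy estimate (SP 800-90B 6.3.1 form):
    upper-bound the modal probability at 99% confidence, then H = -log2(p_u).
    Returns the estimated min-entropy in bits per sample."""
    n = len(samples)
    p_max = Counter(samples).most_common(1)[0][1] / n
    p_u = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1.0 - p_max) / (n - 1)))
    return min(bits_per_sample, -math.log2(p_u))

def repetition_count_cutoff(h, alpha_log2=20):
    """Cutoff for the repetition count test: C = 1 + ceil(-log2(alpha) / H),
    with false-alarm probability alpha = 2^-20 as in SP 800-90B 4.4.1.
    A source with no estimated entropy has no finite cutoff (returns None)."""
    if h <= 0:
        return None
    return 1 + math.ceil(alpha_log2 / h)

def repetition_count_test(samples, cutoff):
    """Pass unless some value appears `cutoff` or more times in a row."""
    if cutoff is None:
        return False
    run, prev = 0, object()          # sentinel never equals a sample
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True

def assess(samples):
    """Estimate per-sample min-entropy, derive the health-test cutoff from it,
    and run the health test over the same samples."""
    h = mcv_min_entropy(samples)
    cutoff = repetition_count_cutoff(h)
    return {"h_bits": h, "cutoff": cutoff,
            "healthy": repetition_count_test(samples, cutoff)}

# Constructed streams, not real measurements: a "found" source where 90% of
# cells power up to 0x00, and four passes over every byte value (ideal uniform).
RAM_LIKE = [0x00] * 900 + list(range(1, 101))
UNIFORM = list(range(256)) * 4

if __name__ == "__main__":
    for name, data in (("ram_like", RAM_LIKE), ("uniform", UNIFORM)):
        r = assess(data)
        print(f"{name}: ~{r['h_bits']:.2f} bits/sample, "
              f"cutoff={r['cutoff']}, healthy={r['healthy']}")
```

Even the uniform stream scores only about 6.8 of 8 bits: with 1024 samples the 99% upper bound on the modal probability dominates the estimate, which is the kind of conservatism you want before trusting a source to seed a DRBG.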
