[Cryptography] RAM memories as one source of entropy

Sampo Syreeni decoy at iki.fi
Sun Mar 2 21:07:00 EST 2014


On 2014-03-02, John Kelsey wrote:

>> If you want *physical* randomness, you need to rely on basic physical 
>> principles.  Denker's work is one example; generators based on 
>> radioactive decay (*carefully* analyzed - there are traps for the 
>> unwary here) are another.  A bit of quick hacking with some chips you 
>> happen to have sitting on your desk just ain't gonna do it....
>
> Actually, it probably will.

It can. But then, think about the usability factor, and the systemic 
underpinnings of how you derive trust-in-hardware. Especially think 
about how you'd assuage the FUD another person might feel over your home 
made generator.

Denker's work yields a source of randomness which is near-ubiquitous 
given current distributedly mass-produced motherboards, and it does so 
with proper, relatively easily measured, quantified and sanity-checked 
bounds on the minimum entropy rate. Of course by all means add to that 
if you can -- all it takes is a bitwise XOR -- but if you want to bring 
real entropy to the masses, easy access and proper, monitorable bounds 
always trump extra complexity as the base source.

Then as it stands, strong (nonlinear, like derived from modern block 
ciphers, so that even prospective quantum algorithms are rendered moot 
as an attack) PRNGs with periodic reseeding from such a source ought to 
be enough for anybody, without blocking or other such inconveniences. Or 
is that not pretty much the consensus, based on the best and most 
paranoid knowledge we have?

So is this problem not pretty much solved? Shouldn't we just move along, 
since there's nothing to see here?
-- 
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
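As an added illustration of the construction the post sketches (a deterministic generator periodically reseeded from an entropy source, extra sources folded in by bitwise XOR, and a simple sanity check on the minimum entropy rate), here is example code written for this page; it is not code from the poster, the list, or Denker's work. It uses SHA-256 in counter mode as a stand-in for the block-cipher-based DRBG the post refers to, because the Python standard library has no AES. The most-common-value min-entropy estimator, the `ReseedingDRBG` class, the `xor_combine` helper and the constructed biased source are all assumptions of the example.

```python
import hashlib
import math
import os
from collections import Counter
from typing import Callable, Optional


def min_entropy_per_byte(samples: bytes) -> float:
    """Most-common-value estimate of min-entropy, in bits per byte.

    This is the crude, conservative check the post calls a 'sanity-checked
    bound': it only looks at how often the most frequent byte appears.
    """
    if not samples:
        raise ValueError("no samples")
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)


def xor_combine(a: bytes, b: bytes) -> bytes:
    """Fold two equal-length entropy samples together with bitwise XOR.

    If the sources are independent, the result is at least as unpredictable
    as the better of the two; a weak or stuck second source cannot hurt.
    """
    if len(a) != len(b):
        raise ValueError("samples must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class ReseedingDRBG:
    """Deterministic generator in counter mode with periodic reseeding.

    Stand-in for an AES-CTR style DRBG: SHA-256(key || counter) replaces
    the block cipher (assumption of this example, not the post's design).
    """

    def __init__(self, seed: bytes, reseed_interval: int = 1024) -> None:
        self.key = hashlib.sha256(b"init" + seed).digest()
        self.counter = 0
        self.since_reseed = 0        # bytes produced since the last reseed
        self.reseed_interval = reseed_interval
        self.reseeds = 0             # how many times fresh entropy was mixed in

    def reseed(self, fresh: bytes) -> None:
        # New key depends on both the old state and the fresh entropy, so an
        # attacker must know both to predict later output.
        self.key = hashlib.sha256(b"reseed" + self.key + fresh).digest()
        self.counter = 0
        self.since_reseed = 0
        self.reseeds += 1

    def generate(self, n: int,
                 entropy_source: Optional[Callable[[int], bytes]] = None) -> bytes:
        """Return n bytes; reseed from entropy_source every reseed_interval bytes."""
        out = bytearray()
        while len(out) < n:
            if entropy_source is not None and self.since_reseed >= self.reseed_interval:
                self.reseed(entropy_source(32))
            block = hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
            self.since_reseed += len(block)
            out.extend(block)
        return bytes(out[:n])


def biased_source(n: int) -> bytes:
    """Constructed weak source: only the low 4 bits of each byte vary."""
    return bytes(b & 0x0F for b in os.urandom(n))


def demo(n: int = 4096) -> dict:
    """Estimate both sources, combine them, and run a reseeded generator."""
    weak = biased_source(n)
    good = os.urandom(n)
    combined = xor_combine(weak, good)
    drbg = ReseedingDRBG(combined[:32], reseed_interval=256)
    output = drbg.generate(1024, entropy_source=lambda k: xor_combine(biased_source(k), os.urandom(k)))
    return {
        "weak_bits_per_byte": min_entropy_per_byte(weak),        # at most 4.0
        "combined_bits_per_byte": min_entropy_per_byte(combined),
        "reseeds": drbg.reseeds,
        "output_len": len(output),
    }


if __name__ == "__main__":
    print(demo())
```

The estimator is deliberately pessimistic and sample-limited; treat its output as a monitoring figure for the "proper bounds" the post asks for, not as proof of entropy, and note that the XOR argument only holds when the two sources are independent.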