[Cryptography] RAM memories as one source of entropy
Sampo Syreeni
decoy at iki.fi
Sun Mar 2 21:07:00 EST 2014
On 2014-03-02, John Kelsey wrote:
>> If you want *physical* randomness, you need to rely on basic physical
>> principles. Denker's work is one example; generators based on
>> radioactive decay (*carefully* analyzed - there are traps for the
>> unwary here) are another. A bit of quick hacking with some chips you
>> happen to have sitting on your desk just ain't gonna do it....
>
> Actually, it probably will.

It can. But then, think about the usability factor, and the systemic
underpinnings of how you derive trust-in-hardware. Especially think
about how you'd assuage the FUD another person might feel over your
home-made generator.

Denker's work yields a source of randomness which is near-ubiquitous
given current distributedly mass-produced motherboards, and it does so
with proper, relatively easily measured, quantified and sanity-checked
bounds on the minimum entropy rate. Of course by all means add to that
if you can -- all it takes is a bitwise XOR -- but if you want to bring
real entropy to the masses, easy access and proper bounds, monitorable,
always trump extra complexity as the base source.

Then as it stands, strong (nonlinear, like derived from modern block
ciphers, so that even prospective quantum algorithms are rendered moot
as an attack) PRNGs with periodic reseeding from such a source ought to
be enough for anybody, without blocking or other such inconveniences. Or
is that not pretty much the consensus, based on the best and most
paranoid knowledge we have?

So is this problem not pretty much solved? Shouldn't we just move along,
since there's nothing to see here?

--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
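
An added example, not part of the message above or of any code from the list: a sketch of the arrangement the post describes, a deterministic generator reseeded periodically from a sanity-checked base source with any further sources XORed in. HMAC-SHA256, following the HMAC_DRBG update and generate steps of NIST SP 800-90A, is swapped in for the block-cipher construction because Python's standard library has no block cipher; the class name, reseed interval, seed length and entropy floor are assumptions.

```python
# Added example, not from the post: names and thresholds are illustrative.
import functools, hashlib, hmac, math

def xor_combine(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of equal-length samples; only helps if sources are independent."""
    if len(a) != len(b):
        raise ValueError("samples must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def mcv_min_entropy(sample: bytes) -> float:
    """Most-common-value estimate in bits per byte: a sanity check, not a proof."""
    p_max = max(sample.count(v) for v in set(sample)) / len(sample)
    return -math.log2(p_max)

class ReseedingDRBG:
    """HMAC-SHA256 stands in for the block-cipher PRNG the post mentions."""
    def __init__(self, sources, interval=4, seed_len=64, min_bits_per_byte=3.0):
        self.sources, self.interval, self.seed_len = sources, interval, seed_len
        self.floor, self.calls, self.reseeds = min_bits_per_byte, 0, 0
        self.K, self.V = b"\x00" * 32, b"\x01" * 32
        self._update(self._gather())

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        for tag in (b"\x00", b"\x01"):
            self.K = self._mac(self.V + tag + data)
            self.V = self._mac(self.V)
            if not data:          # second round only runs when mixing in new data
                break

    def _gather(self) -> bytes:
        samples = [src(self.seed_len) for src in self.sources]
        if mcv_min_entropy(samples[0]) < self.floor:   # monitor the base source
            raise RuntimeError("base source failed the entropy sanity check")
        return functools.reduce(xor_combine, samples)  # extras are XORed in

    def generate(self, n: int) -> bytes:
        if self.calls and self.calls % self.interval == 0:
            self._update(self._gather())               # periodic reseed
            self.reseeds += 1
        self.calls += 1
        out = b""
        while len(out) < n:
            self.V = self._mac(self.V)
            out += self.V
        self._update()
        return out[:n]
```

Each entry in `sources` is a callable taking a byte count and returning that many bytes, with the measured base source first; a stuck base source makes seeding raise instead of silently producing output.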