[Cryptography] A TRNG review per day (week?): ATSH204A

Bill Cox waywardgeek at gmail.com
Sat Nov 8 21:59:20 EST 2014


Atmel has a chip for crypto that we can buy for under $0.50.  That's cool!
However, it has a "high quality HW RNG", with absolutely no description of
how they do it.

However, I've personally reverse-engineered the part.  Here's how they do
it:

1) They program their flash with a 256 bit "random" seed, which they could
easily record, just in case they need it (or some government demands it).
2) Whenever you call their "random" function, it actually runs a plain old
PRNG, with this "random" value as the seed.  It then overwrites the seed
with the new "random" value.
3) If you try to call their "random" function more than 2 billion times, it
locks up, to avoid giving you enough data to see that it is just a PRNG.

OK, so I didn't actually do the reverse-engineering... However, I wouldn't
allow this part in any system that requires any sort of actual security.

Am I wrong?  Atmel?  Anyone?  Buller?  Anyone?  Buller?

How could they release a part with behaviour that is so obviously likely to
not be random at all, for use in cryptography?

Anyway, for now, I give it a "Danger Will Robinson" rating.

Bill
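To make the risk in the hypothesized design concrete, here is a small added model (not Atmel's firmware and not code from the post): a fixed 256-bit "flash" seed, one SHA-256-based PRNG step per call that overwrites the seed, and a hard stop after a call limit. It shows that whoever holds the recorded seed reproduces every output the device will ever give. The class and function names, the SHA-256 step, and the sample seed are all assumptions for the demonstration.

```python
import hashlib


class HypotheticalSeededRng:
    """Model of the design the post speculates about, not Atmel's actual part:
    a 256-bit seed stored in flash, a deterministic PRNG step on each call,
    the seed overwritten with the new output, and a lock-up after a call limit."""

    def __init__(self, flash_seed: bytes, call_limit: int = 2**31):
        assert len(flash_seed) == 32, "seed is 256 bits"
        self.seed = flash_seed        # the value "programmed into flash"
        self.calls = 0
        self.call_limit = call_limit  # the post's "2 billion calls" limit

    def random(self) -> bytes:
        if self.calls >= self.call_limit:
            raise RuntimeError("device locked: call limit reached")
        self.calls += 1
        # Assumed PRNG step: hash the current seed (any deterministic step works the same way).
        out = hashlib.sha256(b"hypothetical-prng" + self.seed).digest()
        self.seed = out               # overwrite the stored seed with the new value
        return out


def predict_stream(recorded_seed: bytes, n: int) -> list:
    """Anyone holding the factory-recorded seed replays the device's outputs exactly."""
    replica = HypotheticalSeededRng(recorded_seed)
    return [replica.random() for _ in range(n)]


def demo(call_limit: int = 5) -> dict:
    """Run a device model next to a replica built from the recorded seed."""
    seed = bytes(range(32))           # constructed sample seed, not a real device value
    device = HypotheticalSeededRng(seed, call_limit=call_limit)
    device_outputs = [device.random() for _ in range(call_limit)]
    predicted = predict_stream(seed, call_limit)
    try:
        device.random()
        locked = False
    except RuntimeError:
        locked = True
    return {
        "predictable": device_outputs == predicted,   # True: seed holder knows every output
        "locked_after_limit": locked,                 # True: device stops at the limit
        "outputs_look_random": len(set(device_outputs)) == call_limit,
    }
```

The outputs pass a naive "all distinct" check, which is exactly why statistical tests alone cannot tell this construction from a true entropy source.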