[Cryptography] A TRNG review per day (week?): ATSH204A
Bill Cox
waywardgeek at gmail.com
Sun Nov 9 07:26:05 EST 2014
On Sun, Nov 9, 2014 at 5:43 AM, Philipp Gühring <pg at futureware.at> wrote:
> So what is this really? Was this just your idea how it could be, or do you
> have any clues that point in the direction that your description is
> accurate? Which PRNG function are they using?
>
There are many comments about Atmel's part like this:
http://comments.gmane.org/gmane.comp.security.cryptography.randombit/6225
And here's the standard snake-oil from the manufacturer:
http://www.atmel.com/Images/Atmel-8843-CryptoAuth-Generating-Random-Secrets-for-ATSHA204-ApplicationNote.pdf
Atmel claims, "In the ATSHA204, the random seed comes from variations at a
quantum scale within the ATSHA204."
If this were true, then why do they have to have a "random" seed? A high
quality TRNG is used to _genereate_ random seeds, and has zero need for one
to be provided! Also, exactly what "quantum scale" entropy are they
measuring?
As for which PRNG they are using... well, I see they have HW SHA-256. If I
had to guess, it's SHA-256(seed + counter), where counter is incremented
for each 256 bits they spit out. At the end, they likely write the counter
value back to flash, which enables them to cut off output at a specific
value. I doubt they ever change the seed, so it's shipped pre-programmed
into your part.
By the way, I can only find a ATSHA204A , not an ATSH204A. Is it this one?
>
Yes... thanks for pointing that out :-)
> They have a funny (and in my point of view dangerous) functionality to
> test the RNG, it always returns FF FF 00 00 FF FF 00 00 when the chip is
> in a certain mode.
> http://www.atmel.com/Images/Atmel-8885-CryptoAuth-ATSHA204A-Datasheet.pdf
> -> 3.2
> So any application should specifically check for such return values all
> the time, in case the chip accidently/randomly switches to that mode.
>
> Best regards,
> Philipp
>
>
I saw that. I guess it is useful for testing...
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141109/1a95fa2f/attachment.html>
More information about the cryptography
mailing list