[Cryptography] A TRNG review per day (week?): ATSH204A
Clemens Ladisch
clemens at ladisch.de
Sun Nov 9 15:27:17 EST 2014
Bill Cox wrote:
> "Certain randomness extractors need a random seed."
>
> Huh? Which randomness extractors require a random seed?
Wikipedia defines a randomness extractor as
| a function, which being applied to output from a weakly random entropy
| source, together with a short, uniformly random seed, generates
| a highly random output that appears independent from the source and
| uniformly distributed.
Quite a few of the theoretical extractors proposed by researchers need
such a seed. Which, of course, makes them unsuitable for pratical
applications.
As far as this chip is concerned, I think it is more likely that the
seed is used for a PRNG, i.e., it guarantees that the output looks
random even if the designers cannot guarantee a lower bound of the
TRNG's entropy.
> I find it very difficult to believe this device has a "high quality TRNG"
> as Atmel claims. If it did, there would be no impact on the security of
> the system when the "seed update" is disabled. There would be no need for
> the seed at all.
It's possible that the seed is just a protection against failure of the
TRNG; this would be a feature. (But then they should have told us that.)
Regards,
Clemens
More information about the cryptography
mailing list