[Cryptography] The world's most secure TRNG

Bill Cox waywardgeek at gmail.com
Wed Oct 8 20:59:02 EDT 2014


On Wed, Oct 8, 2014 at 7:00 PM, Dave Horsfall <dave at horsfall.org> wrote:

> It's possible that I may have missed this (the list seems to have spiked
> lately), but how would the device present itself to the host?  A serial
> stream of random bits (like a terminal or a keyboard), or some sort of a
> structure with command and control etc?
>
> -- Dave
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>

No command/control.  In fact, I feel a lot better not having a
microcontroller on there that could transmit nasty malware when being
plugged into a new system, or which could be reprogrammed to emit
non-random data.

It's just a simple USB -> 8-bit fifo chip controlling the TRNG.  The USB
controller is a FT240X, which has some reconfigurability, but not even
enough to create a 2-bit state machine.

The host just sets Ph1 high and Ph2 low and vice versa through the bit-bang
mode on the FT240X, and receives the resulting bytes one per clock.  Only
one bit of each byte is output from the TRNG, so you clock it 8 times and
then send a byte to the whitener.

I'm working on the Eagle schematic and board layout now.  It's a lot of
fun.  I know I should put an EMI shield on the device to keep it from
leaking data to attackers, but I am leaning towards shipping naked cheap
little USB boards, similar to a  DigiSpark.

How important is the proper USB connector vs a raw connector with no
housing like the DigiSpark?  Do we really feel we need to wrap this thing
in metal to keep it from radiating secret bits?  I figure if we feed it
into a whitener, an attacker would have to know *every* bit to know the
state of the whitener.  That seems like a tall order for an attacker trying
to read bits from EMI.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141008/32a110bb/attachment.html>


More information about the cryptography mailing list