[Cryptography] A review per day of TRNGs: some snake oil

Bill Cox waywardgeek at gmail.com
Wed Oct 22 19:20:59 EDT 2014


Going alphabetically (I did reverse alphabetically on PHC entries), using
this awesome site:

http://www.cacert.at/cgi-bin/rngresults

and selecting hardware RNGs, I this at the top:

- Araneus Alea II

The Araneus Alea II USB key can be bought for 199 Euros here:
http://www.araneus.fi/products/alea2/en

It passes dieharder tests, but the entropy source is zener noise, which is
not that white at these speeds, so there must be some whitening going on.
There is no description of the circuit, and the software is closed source.
I like that they use an A/D rather than just comparing to Vref like most
zener noise TRNGs.  There is a microcontroller on board, and we have no
idea if it can be used to PWN your system.

There's really nothing else to review, so until these guys open up and let
us see what's inside, I have to rate it: Snake Oil... until proven
otherwise.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141022/260780fe/attachment.html>


More information about the cryptography mailing list