[Cryptography] A TRNG review per day: Turbid

Clemens Ladisch clemens at ladisch.de
Mon Oct 27 16:47:55 EDT 2014


Bill Cox wrote:
>  - A sound card used by Turbid cannot be used for input, meaning most users
> need a second sound card.

Quite a few sound devices have several independent inputs.

> - Once a user is buying extra hardware for use as a TRNG, there is no
> reason to use a sound card, when a TRNG designed for the purpose can do a
> better job.

Sound devices are widely available, and cheap, and do not require
an additional driver.

>  Sound outputs will be correlated when sampled at high speed.

If the output contains _only_ white noise, there will be the same amount
of noise at all frequencies, so the sample rate would not matter.

> To help correct for this short-term correlation, Turbid could keep the
> history of the next sample given several previous samples. This would
> give a good estimation of surprisal, allowing more accurate entropy
> estimation.

I believe that estimating the entropy (i.e., amount of white noise) of
a sound signal cannot be done reliably without computing the FFT.

>  The paper states:
>
>  "The least-fundamental threats are probably the most important in
> practice. As an example in this category, consider the possibility that the
> generator is running on a multiuser machine, and some user might
> (inadvertently or otherwise) change the mixer gain. To prevent this, we
> went to a lot of trouble to patch the ALSA system so that we can open the
> mixer device in “exclusive” mode, so that nobody else can write to it."
>
>  Instructions are provided for patching ALSA.

AFAICS the patch is missing from the latest turbid version, and the
makefile references an ALSA version that is over ten years old.

However, no patch is needed; locking mixer controls has always been
possible.  Apparently, ALSA's documentation is, er, capable of
improvement.


Regards,
Clemens
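The two points argued above, that sampling faster than the noise bandwidth makes neighbouring samples correlated and that a per-sample entropy count cannot see that while the spectrum can, are easy to check numerically. The following is an added example written for this page, not code from Turbid or from either correspondent, and it does not reproduce Turbid's own estimator. Its inputs are constructed: Gaussian "white noise" from a seeded PRNG stands in for a quiet sound input, and "sampled at high speed" is modelled crudely as every physical noise value appearing four times in a row. The 8-bit quantizer, full-scale value and the spectral-flatness threshold are assumptions for illustration.

```python
# Added example, not Turbid's code nor the thread authors' code.
# A histogram ("how surprising is each sample value") entropy estimate
# treats samples as independent, so it barely changes when the stream is
# oversampled; the power spectrum exposes the correlation at once.
import cmath
import math
import random


def white_noise(n, seed=1):
    """Constructed stand-in for an input carrying only white noise."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(n)]


def oversample(samples, factor):
    """Crude model of sampling faster than the noise bandwidth: each
    physical value is seen `factor` times, adding no new entropy."""
    return [s for s in samples for _ in range(factor)]


def quantize(samples, bits=8, full_scale=4.0):
    """Map floats to signed ADC codes as a sound card's converter would
    (bit depth and full scale are assumptions for this example)."""
    levels = 2 ** (bits - 1)
    codes = []
    for s in samples:
        code = int(round(s / full_scale * levels))
        codes.append(max(-levels, min(levels - 1, code)))
    return codes


def histogram_entropy_bits(codes):
    """Naive per-sample Shannon entropy (bits) from the value histogram.
    It assumes every sample is independent, which is exactly the weakness."""
    counts = {}
    for c in codes:
        counts[c] = counts.get(c, 0) + 1
    n = len(codes)
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def fft(x):
    """Radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    assert n & (n - 1) == 0, "length must be a power of two"
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        tw = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + tw
        out[k + n // 2] = even[k] - tw
    return out


def power_spectrum(samples):
    """One-sided power spectrum with the DC bin removed."""
    n = len(samples)
    mean = sum(samples) / n
    bins = fft([s - mean for s in samples])
    return [abs(b) ** 2 / n for b in bins[1:n // 2]]


def spectral_flatness(spectrum, floor=1e-12):
    """Geometric mean / arithmetic mean of bin power.  For white noise the
    bin powers are exponentially distributed and the ratio sits near
    exp(-gamma) ~ 0.56; a correlated signal has spectral dips and scores
    far lower.  Bins at an exact null are floored so log() stays finite."""
    top = max(spectrum)
    logs = [math.log(max(p, floor * top)) for p in spectrum]
    geo = math.exp(sum(logs) / len(logs))
    arith = sum(spectrum) / len(spectrum)
    return geo / arith


def analyse(codes):
    """Return (naive entropy in bits/sample, spectral flatness) for a capture."""
    return histogram_entropy_bits(codes), spectral_flatness(power_spectrum(codes))


def demo(n=512, factor=4):
    """Analyse one white-noise capture and one oversampled-by-`factor`
    capture of the same length; returns {name: (entropy_bits, flatness)}."""
    fresh = quantize(white_noise(n, seed=1))
    slow = quantize(oversample(white_noise(n // factor, seed=2), factor))
    return {"white": analyse(fresh), "oversampled": analyse(slow)}


if __name__ == "__main__":
    for name, (h, flat) in demo().items():
        print(f"{name:12s} naive entropy {h:5.2f} bits/sample, flatness {flat:.2f}")
```

Both captures report a naive entropy of several bits per sample even though the oversampled one carries only a quarter as many fresh values; the flatness figure, which needs the FFT, is what separates them (near 0.56 for white noise, well below that when consecutive samples are correlated). A real estimator would also have to account for quantization and amplifier noise, which this toy deliberately ignores.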

