[Cryptography] In search of random numbers

Bill Cox waywardgeek at gmail.com
Mon Oct 27 19:55:57 EDT 2014


On Mon, Oct 27, 2014 at 4:54 PM, Bear <bear at sonic.net> wrote:

> On Sun, 2014-10-26 at 09:45 +0000, ianG wrote:
>
> > You only get product recall when it is likely to kill the user.  Bad as
> > the randomness issue appears to us, I'm not sure we're there yet.
>
> The randomness issue doesn't look bad to me.  You just boot a
> non-networked OS and don't load any networking software or
> generate any keys until something actually needs a network
> connection or a key.
>
>                         Bear
>

I'm not sure we can't just have all our IoT devices have their own TRNG.
It's hard to trust an unauditable TRNG in someone else's IC, but if it's my
custom ASIC I design or even just an FPGA, it's easy to trust the TRNG
design you drop in, so long is it isn't rocket science to get right.  Ring
oscillator noise sounds like a decent candidate, though for even smaller
size and higher speed with predictable entropy output, I prefer an infinite
noise multiplier.  For board level designs, there should be a $0.25 highly
auditable TRNG chip you can buy that just spits out 0's and 1's when
clocked.  If they go into many designs, we can tear down enough of them
chosen at random to show that at at most only a small percentage of them
are back-doored.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141027/4bb87c5f/attachment.html>


More information about the cryptography mailing list