[Cryptography] In search of random numbers

ianG iang at iang.org
Wed Oct 29 07:20:17 EDT 2014


On 27/10/2014 23:55 pm, Bill Cox wrote:
> On Mon, Oct 27, 2014 at 4:54 PM, Bear <bear at sonic.net
> <mailto:bear at sonic.net>> wrote:
> 
>     On Sun, 2014-10-26 at 09:45 +0000, ianG wrote:
> 
>     > You only get product recall when it is likely to kill the user.  Bad as
>     > the randomness issue appears to us, I'm not sure we're there yet.
> 
>     The randomness issue doesn't look bad to me.  You just boot a
>     non-networked OS and don't load any networking software or
>     generate any keys until something actually needs a network
>     connection or a key.
> 
>                             Bear
> 
> 
> I'm not sure we can't just have all our IoT devices have their own
> TRNG.  It's hard to trust an unauditable TRNG in someone else's IC, but
> if it's my custom ASIC I design or even just an FPGA, it's easy to trust
> the TRNG design you drop in, so long is it isn't rocket science to get
> right.


Precisely.  It needs to be so cheap that you'd drop it in if it solved
any problem you had.

The way to approach this problem is strategically:

   1. create enough free designs such that there aren't any barriers to
deployment.  No excuses!
   2. create some demand 'pull' from the market such that users,
customers, journos are asking questions of the builders.
   3. create some supply 'push' where those who claim to use an RNG are
rewarded by attention and recommendations.

In order.  No point in saying anything until 1. is in place.  Muzzle the
journes for now.

Go Bill, go Paul!


> Ring oscillator noise sounds like a decent candidate, though for
> even smaller size and higher speed with predictable entropy output, I
> prefer an infinite noise multiplier.  For board level designs, there
> should be a $0.25 highly auditable TRNG chip you can buy that just spits
> out 0's and 1's when clocked.

I'm shocked that a bit of silicon costs that much!


> If they go into many designs, we can tear
> down enough of them chosen at random to show that at at most only a
> small percentage of them are back-doored.


Of course they'll be backdoored!  But this is the wrong way to look at
things.

We need to seed these things throughout the market place.  Once the
standard is established that "you must use an RNG any RNG" then we can
ratchet up the pressure.  The grad students will do that for us, with a
little nudging.  Whole classes of IoTs will be broken.  Armageddon,
apocalypse, gosh oh my.

Then, things will get better as equipment suppliers get sick of their
name being dragged through the mud.



The reason this works is that it is impossible to just fix a broken
industry.  You have to introduce a framework and understanding at all
levels first.  Seed it from the bottom.  Then, when it's pervaded, start
the ball rolling for continuous improvement.  Love your arms race.



iang


ps, the precise wrong way to do it is to involve NIST, IETF, national
standards bodies.


More information about the cryptography mailing list