[Cryptography] Final words on RNG design

Bill Cox waywardgeek at gmail.com
Mon Dec 5 12:36:19 EST 2016


On Sat, Dec 3, 2016 at 4:21 PM, Natanael <natanael.l at gmail.com> wrote:

>
> The hardware should always have a trustworthy TRNG / CSPRNG that comes
> with accurate data on its characteristics, for use by the firmware /
> software. The hardware should be auditable, so that the behavior can be
> validated.
>

I agree 100%.  This is the main ingredient that is missing on almost all
systems.  A typical user-system running Linux will eventually collect
enough entropy from IRQ timing to seed the CPRNG.  This is highly
auditable, but the speed varies greatly between systems, and is too slow to
ensure availability at boot time everywhere.

Unauditable TRNGs seem to be available on most systems that run Linux,
including the Raspberry Pi. We give Intel a hard time about their
non-auditable TRNG, but they simply did the same thing as nearly every
other manufacturer, and keep the details of their TRNG secret.  Somehow,
this needs to change.

Bill