[Cryptography] TRNG review: Arduino based TRNGs
Stephen Wood
smwood4 at gmail.com
Tue Jan 12 15:55:02 EST 2016
> As users, you should vote with your wallets and not buy products with CPUs
that don't come with a proper entropy source built in.
What options do we have? I know that the RPI comes with a built-in hwrng,
but it runs an actual OS that requires crypto functionality. As far as I
know it's still a black box, so there's lingering problems with that.
It would be nice to put pressure on Arduino, but it's my opinion that more
sophisticated projects are already moving on to raspberry pi.
On Tue, Jan 12, 2016 at 12:45 PM, <dj at deadhat.com> wrote:
> > Thanks, Bill. This is a fun write-up.
> >
> >> The most popular technique for generating true random data is to do what
> > TrueRandom does, and drive a voltage onto pin 0, and measure it with the
> > 8-bit ADC. While sometimes this generates unpredictable data, the
> scatter
> > plots show scary correlations, and the one thing we know it is not
> > measuring is thermal noise.
> >
> > Is there any way you could mitigate this by diversifying board pins, for
> > example read from pin 0 and 5 and XOR the data together?
>
> As users, you should vote with your wallets and not buy products with CPUs
> that don't come with a proper entropy source built in.
>
>
--
Stephen Wood
www.heystephenwood.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160112/c9bdc1b0/attachment.html>
More information about the cryptography
mailing list