[Cryptography] TRNG review: Arduino based TRNGs
Tom Mitchell
mitch at niftyegg.com
Wed Jan 13 16:30:39 EST 2016
On Tue, Jan 12, 2016 at 12:45 PM, <dj at deadhat.com> wrote:
> > Thanks, Bill. This is a fun write-up.
> >
> >> The most popular technique
>
....
> >
> > Is there any way you could mitigate this by diversifying board pins, for
> > example read from pin 0 and 5 and XOR the data together?
>
> As users, you should vote with your wallets and not buy products with CPUs
> that don't come with a proper entropy source built in.
>
Given the doubts about transparency for entropy sources it
makes sense for a I2C device costing pennies to hit the market.
An array of these from a couple vendors could allow those that
care a lot to build a less vulnerable device should one vendor's
device have an issue a mix of devices allows choices. With the
world embracing the internet of things there might be a market.
An "10-bit analog to digital converter" does allow sampling of natural
phenomena and if the phenomena is well chosen good things can
happen. Most natural phenomena is not random, chaotic perhaps.
My preference on this is a Raspberry Pi™ 2 Model B Camera Kit for $100+/-
http://www.mcmelectronics.com/product/RASPBERRY-PI-83-16555RK-/83-16555RK
Video devices allow a lot of bits via a parallel path.
They do suffer noise issues at low light levels.
They can be pointed at chaotic image sources.
Quad cores allows some dedication of resources.
Other Pi options involve pressure, acceleration and temp sensors
and the built in hardware. Even if the built in hardware has issues
a modest amount of noise from something else (anything) can help.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160113/5a907dbf/attachment.html>
More information about the cryptography
mailing list