[Cryptography] TRNG review: Arduino based TRNGs

[Stephen Wood]

>Other Pi options involve pressure, acceleration and temp sensors
and the built in hardware.   Even if the built in hardware has issues
a modest amount of noise from something else (anything) can help.

I've found the built-in HWRNG to be useful but not sufficient for
applications that demand high throughput. Isn't the idea always to take a
certain of amount of data and then seed and refeed a CSPRNG?

This isn't directed at anyone in particular, but I think Bill's research is
very valuable work, even if it doesn't yield such a device. How much
entropy is needed to properly seed a CSPRNG? This[0] stack-exchange
question suggests at it being ~128 bits. Going from known state --> 16
bytes of honest-to-goodness random data --> CSPRNG would open up the
Arduino to a lot of interesting applications.

> Given the doubts about transparency for entropy sources it
makes sense for a I2C device costing pennies to hit the market.

I agree and have wondered out loud why we have no such device! Bill himself
makes an inexpensive TRNG[1] (that's currently in stock!), there's also the
OneRNG which I own and use. Both of these devices target linux hosts and
not IoT.

Maybe someone with better electronics experience can chime in, but I'm very
curious about the minimum amount of hardware required to build a TRNG for
IoT devices such as the Arduino.

[0]
http://security.stackexchange.com/questions/94646/how-much-entropy-is-good-enough-for-seeding-a-csprng
[1] https://www.tindie.com/products/WaywardGeek/infinite-noise/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160113/ad0ceb70/attachment.html>