[Cryptography] The best TRNG architecture, comming soon?

Ryan Carboni 33389 at protonmail.com
Tue Aug 27 17:50:01 EDT 2019


Cannot understand some of these arguments.

Unless the future of embedded is accumulator CPU architectures where software is the glue logic for mostly hardware-implemented functions, you're going to be allocating memory and will have a few libraries to abstract hardware interfaces. Whitening RNGs in hardware is not only unnecessary but undesirable, since the biases are not replicable (and all devices have sensors or inputs that can be polled or read from to add additional entropy if needed).

Backdooring an RNG by making it output random bytes using a block cipher where all but 32 bits of the key are known to the attacker, and where the IV is unknown, would be sufficient to appear random to anyone else. No matter how many bytes one collects, it would appear random.

On the other hand, many attacks are foiled by a small amount of entropy, which is why certificates require 64-bit nonces.

Sent from ProtonMail Mobile

