[Cryptography] TRNGs as open source design semiconductors

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Sep 14 12:53:36 EDT 2019


Bill Frantz <frantz at pwpconsult.com> writes:

>There is one good thing about secure random number generators (or whatever is
>the PC term for them these days). If you use a good combining function and
>your attacker can successfully predict 7 of your 8 sources, but not the 8th,
>then you have good output. There aren't many things in this world where you
>combine 7 bad things with 1 good thing and get a good thing.

Yup, that's the way to get good entropy, just combine enough sources and as
long as even a few of them are OK, the whole thing is OK.  If you look at all
of the published attacks on entropy sources they never get beyond ones that
are little more than time() ^ getpid() as the seed because once you start
using multiple nontrivial sources it gets too hard for an attacker to model
what's going on.  And that's a feature, not a bug: people complain that you
can't reason about a set of entropy sources that you can't reliably model, but
then the attacker can't model them either.

Peter.
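The "7 bad sources plus 1 good source" argument above, as an added simulation that is not part of this thread or anyone's production RNG. It assumes seven constructed sources an attacker can reproduce exactly (time, pid and similar stand-ins), one source the attacker cannot model (reduced to a single byte so the attacker's best-case guessing odds of 1/256 are easy to check), and uses a length-prefixed SHA-256 as the stand-in for a "good combining function". For contrast it also includes a deliberately weak combiner that keeps only a prefix of the concatenated inputs, which is the kind of implementation slip that silently drops the one source doing the work.

```python
import hashlib
import secrets
import struct
from typing import Callable, Sequence

Combiner = Callable[[Sequence[bytes]], bytes]


def combine_hash(sources: Sequence[bytes]) -> bytes:
    """Hash every source into one digest. Each input is length-prefixed so
    the boundaries between sources are unambiguous (b"ab"+b"c" must not
    collide with b"a"+b"bc")."""
    h = hashlib.sha256()
    for s in sources:
        h.update(struct.pack(">I", len(s)))
        h.update(s)
    return h.digest()


def combine_truncate(sources: Sequence[bytes], out_len: int = 8) -> bytes:
    """Deliberately weak combiner for contrast: concatenate and keep only
    the first out_len bytes, so any source beyond the cut contributes
    nothing at all to the output."""
    return b"".join(sources)[:out_len]


def modelled_sources(trial: int) -> list[bytes]:
    """Seven sources the attacker can reproduce exactly. These are
    constructed values standing in for time(), getpid() and the like."""
    return [
        struct.pack(">Q", 1_568_480_000 + trial),  # wall-clock seconds
        struct.pack(">I", 4242),                   # process id
        struct.pack(">I", trial * 1000),           # uptime in ms
        struct.pack(">H", 8080),                   # listening port
        b"host",                                   # hostname
        struct.pack(">B", 7),                      # load average
        b"\x00" * 4,                               # uninitialised buffer
    ]


def attacker_success_rate(combine: Combiner, trials: int) -> float:
    """Simulated attacker who knows the seven modelled sources and must emit
    one guess for the combined output. The eighth source is a single byte
    the attacker cannot model; the attacker simply assumes it is zero."""
    hits = 0
    for t in range(trials):
        known = modelled_sources(t)
        secret = secrets.token_bytes(1)   # the one source they cannot model
        real = combine(known + [secret])
        guess = combine(known + [b"\x00"])
        hits += real == guess
    return hits / trials


if __name__ == "__main__":
    for name, fn in (("hash", combine_hash), ("truncate", combine_truncate)):
        rate = attacker_success_rate(fn, 2000)
        print(f"{name:9s} attacker success rate {rate:.4f}")
```

With the hash combiner the attacker's hit rate sits near 1/256 no matter how perfectly the other seven sources are modelled; with the truncating combiner it is 1.0 in every trial, because the unmodelled byte never reaches the output. The check worth keeping from this is the second one: whatever combining function a design uses, verify that changing any single input changes the output.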

