[Cryptography] Duh, why aren't most embedded TRNGs designed this way?

John-Mark Gurney jmg at funkthat.com
Sun Apr 25 17:23:03 EDT 2021


Bill Cox wrote this message on Thu, Apr 22, 2021 at 11:23 -0700:
> In short, use just 2 ring oscillators in an FPGA or ASIC, clocking 2
> counters, one binary and one gray code, and use some clever software to
> (hopefully) securely estimate the entropy collected, avoiding the most
> common reasons for TRNG failures in embedded systems.

Other question is why isn't SRAM used more often as a source of randomness?

Uninitialized SRAM (depending upon SRAM design) can have a few percent of bits
that are indeterminate upon power up, and w/ many machines having at least tens
of KB of SRAM, if not MB of SRAM on modern CPUs, hashing that state and using
it is a great way.  Add in the ability to turn off/drain a bank of SRAM if you
want to be able to reseed.

Once you get 256-bits of entropy, you're set, and don't really need to reseed:
https://blog.cr.yp.to/20140205-entropy.html

P.S. I happen to be in the middle of writing a blog post on how to do entropy
harvesting on microcontrollers.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
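As an added illustration (not code from the thread or its authors), a Python simulation of the scheme John-Mark describes: characterize which SRAM cells are indeterminate across repeated power-ups, estimate a conservative per-bit min-entropy, and hash the region into a seed only once the 256-bit bar is met. The SRAM model, the 3% indeterminate fraction and the 16 characterization power-ups are constructed assumptions.

```python
import hashlib
import math
import random

# Constructed SRAM model (not real hardware): every cell has a preferred
# power-up value, and a small fraction of cells are indeterminate and settle
# at random on each power-up, as the post describes.
def make_sram_model(n_bits, indeterminate_frac, seed=1):
    rng = random.Random(seed)
    preferred = [rng.getrandbits(1) for _ in range(n_bits)]
    unstable = [rng.random() < indeterminate_frac for _ in range(n_bits)]
    return preferred, unstable

def power_up(model, rng):
    """One simulated power-up: stable cells keep their preferred bit,
    indeterminate cells settle randomly."""
    preferred, unstable = model
    return [rng.getrandbits(1) if u else p for p, u in zip(preferred, unstable)]

def estimate_min_entropy(snapshots):
    """Per-bit min-entropy from the observed frequency of each cell across
    repeated power-ups: H_min = -log2(max(p, 1-p)). A cell that never changes
    contributes 0. Assumes cells are independent, so this is only a first
    check; it does not detect correlated cells."""
    n = len(snapshots)
    total = 0.0
    for column in zip(*snapshots):
        ones = sum(column)
        total -= math.log2(max(ones, n - ones) / n)
    return total

def seed_from_sram(snapshot, estimated_bits, needed=256):
    """Hash the whole region into a 256-bit seed, but only if the estimate
    says the region carries enough entropy; otherwise refuse to seed."""
    if estimated_bits < needed:
        return None
    raw = bytes(int("".join(map(str, snapshot[i:i + 8])), 2)
                for i in range(0, len(snapshot), 8))
    return hashlib.sha256(raw).digest()

def characterize(n_bytes, powerups=16, indeterminate_frac=0.03):
    """Collect repeated power-ups during characterization; return the
    entropy estimate and the seed (or None) derived from the first one."""
    model = make_sram_model(n_bytes * 8, indeterminate_frac)
    rng = random.Random(42)
    snaps = [power_up(model, rng) for _ in range(powerups)]
    est = estimate_min_entropy(snaps)
    return est, seed_from_sram(snaps[0], est)
```

With these assumptions a 4 KB region clears the 256-bit bar while a 1 KB region does not, which is the practical check before trusting a given SRAM bank as the sole seed source.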

