[Cryptography] Duh, why aren't most embedded TRNGs designed this way?

Kent Borg kentborg at borg.org
Mon May 17 12:28:37 EDT 2021


On 5/13/21 8:48 AM, Ron Garret wrote:
> The hard part is not finding good sources of entropy.  The hard part 
> is protecting that source against tempest attacks and other forms of 
> eavesdropping.

No.

The hard part about RNGs is that when they fail, they usually do so 
silently.


A dirty little secret about pretty much all software is we really don't 
have any idea whether it works other than "It seems to work!". We don't 
find bugs by carefully looking for them, we find bugs experimentally. We 
mostly find bugs when some feature stops working and we get bit.

RNGs are special because RNG failures ranging from backdoored hardware 
to terrible HW design to terrible algorithms to terrible seeds to no 
seed at all to zeros as keys to "Um, it wasn't hooked up, the RNG isn't 
even in shipping product." all look about the same experimentally: The 
software will probably seem to work.


As for tempest attacks, if someone can read your internal RNG state 
through unintended emissions you are in /such/ deep trouble: the same 
someone can probably—and more easily—read all your IO (mouse, keyboard, 
display, subsystem interconnect, etc.), and at that point the RNG state 
probably isn't very interesting anymore. RNG is just a component, and 
its security is always overshadowed by general system security; once 
your system is blown open, RNG state is the least of your worries.

Tempest is a red herring here, don't be distracted by it, be terrified 
that the larger system containing the RNG was just thrown together and 
full of bugs.


[Yes, tempest attacks are a problem, but only regarding nearby 
attackers, and only for those who are quite motivated, and willing to 
buy and deploy and run and risk detection of significant hardware.

Tempest is something very high value, paranoid, and air-gapped targets 
need to worry about. Far more terrifying are things such as buffer 
overflows in every other device in real life.]


-kb
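
[Added example, not part of the original message: a sketch of the "zeros as keys" failure described above passing the same functional round-trip test as a working RNG. The stream cipher is a SHA-256 counter-mode stand-in, and all function names and the repetition check (which catches only a stuck output, not the other failure modes listed) are assumptions made for illustration.]

```python
import hashlib
import hmac
import os

def healthy_rng(n):
    return os.urandom(n)          # OS CSPRNG

def stuck_rng(n):
    return bytes(n)               # constructed failure: RNG returns all zeros

def keystream(key, nonce, length):
    # SHA-256 in counter mode; illustration only, not a vetted cipher
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:length]

def seal(rng, msg):
    key, nonce = rng(32), rng(16)  # every secret comes from the RNG under test
    ct = bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return key, nonce, ct, tag

def unseal(key, nonce, ct, tag):
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def functional_test(rng):
    # The kind of test that says "it seems to work": encrypt, then decrypt
    msg = b"constructed sample message"
    return unseal(*seal(rng, msg)) == msg

def repetition_check(rng, samples=64, cutoff=3):
    # Returns False if the same 16-byte output occurs `cutoff` times in a row
    run, prev = 1, None
    for _ in range(samples):
        cur = rng(16)
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
        prev = cur
    return True

if __name__ == "__main__":
    for name, rng in (("healthy", healthy_rng), ("stuck", stuck_rng)):
        print(name, "round-trip:", functional_test(rng),
              "repetition check:", repetition_check(rng))
```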
