[Cryptography] Duh, why aren't most embedded TRNGs designed this way?
Kent Borg
kentborg at borg.org
Mon May 17 12:28:37 EDT 2021
On 5/13/21 8:48 AM, Ron Garret wrote:
> The hard part is not finding good sources of entropy. The hard part
> is protecting that source against tempest attacks and other forms of
> eavesdropping.

No.

The hard part about RNGs is that when they fail, they usually do so
silently.

A dirty little secret about pretty much all software is we really don't
have any idea whether it works other than "It seems to work!". We don't
find bugs by carefully looking for them, we find bugs experimentally. We
mostly find bugs when some feature stops working and we get bit.

RNGs are special because RNG failures ranging from backdoored hardware
to terrible HW design to terrible algorithms to terrible seeds to no
seed at all to zeros as keys to "Um, it wasn't hooked up, the RNG isn't
even in shipping product." all look about the same experimentally: The
software will probably seem to work.

As for tempest attacks, if someone can read your internal RNG state
through unintended emissions you are in /such/ deep trouble: the same
someone can probably—and more easily—read all your IO (mouse, keyboard,
display, subsystem interconnect, etc.), and at that point the RNG state
probably isn't very interesting anymore. RNG is just a component, and
its security is always overshadowed by general system security, once
your system is blown open RNG state is the least of your worries.

Tempest is a red herring here, don't be distracted by it, be terrified
that the larger system containing the RNG was just thrown together and
full of bugs.

[Yes, tempest attacks are a problem, but only regarding nearby
attackers, and only for those who are quite motivated, and willing to
buy and deploy and run and risk detection of significant hardware.
Tempest is something very high value, paranoid, and air-gapped targets
need to worry about. Far more terrifying are things such as buffer
overflows in every other device in real life.]
-kb
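
Added example, not part of the original post: a C sketch of the silent-failure point above. Two constructed sources (a stuck-at-zero RNG and a toy fixed-seed LCG, both hypothetical) pass a functional round trip, and a repetition count test in the style of NIST SP 800-90B catches only the stuck one. The XOR "cipher", the function names and the cutoff are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t (*source_fn)(void);

/* Constructed failure modes (hypothetical names, not from the post). */
static uint8_t src_stuck(void) { return 0x00; }   /* RNG never hooked up */
static uint8_t src_fixed_seed(void) {             /* toy LCG, constant seed */
    static uint8_t x = 1;
    x = (uint8_t)(x * 5u + 1u);
    return x;
}

/* "It seems to work!": draw a key, then round-trip a toy XOR cipher. */
static int roundtrip_ok(source_fn src) {
    const uint8_t msg[16] = "hello, embedded";
    uint8_t key[16], ct[16], pt[16];
    for (size_t i = 0; i < 16; i++) key[i] = src();
    for (size_t i = 0; i < 16; i++) ct[i] = msg[i] ^ key[i];
    for (size_t i = 0; i < 16; i++) pt[i] = ct[i] ^ key[i];
    return memcmp(pt, msg, 16) == 0;
}

/* Repetition count test in the style of NIST SP 800-90B: fail when one
 * value repeats `cutoff` times in a row. */
static int rct_ok(source_fn src, size_t n, unsigned cutoff) {
    uint8_t prev = src();
    unsigned run = 1;
    for (size_t i = 1; i < n; i++) {
        uint8_t cur = src();
        run = (cur == prev) ? run + 1 : 1;
        if (run >= cutoff) return 0;
        prev = cur;
    }
    return 1;
}

/* Cutoff 4 assumes 8 bits of entropy claimed per sample and a 2^-20
 * false-alarm rate: 1 + ceil(20 / 8). */
static int health_ok(source_fn src) { return rct_ok(src, 1024, 4); }

int main(void) {
    printf("stuck:      roundtrip=%d health=%d\n", roundtrip_ok(src_stuck), health_ok(src_stuck));
    printf("fixed seed: roundtrip=%d health=%d\n", roundtrip_ok(src_fixed_seed), health_ok(src_fixed_seed));
    return 0;
}
```

The fixed-seed source passes both checks even though every output is predictable, so a health test of this kind catches gross hardware failure and nothing about seeding or design.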