<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<div class="moz-cite-prefix">On 5/13/21 8:48 AM, Ron Garret wrote:<br>
</div>
<blockquote type="cite"
cite="mid:636B9E11-8A4F-4553-894F-E52013A1128A@flownet.com">
The hard part is not finding good sources of entropy. The hard
part is protecting that source against tempest attacks and other
forms of eavesdropping.</blockquote>
<p>No.</p>
<p>The hard part about RNGs is that when they fail, they usually do
so silently.</p>
<p>A dirty little secret about pretty much all software is we really
don't have any idea whether it works other than "It seems to
work!". We don't find bugs by carefully looking for them, we find
bugs experimentally. We mostly find bugs when some feature stops
working and we get bit.<br>
</p>
<p>RNGs are special because RNG failures ranging from backdoored
hardware to terrible HW design to terrible algorithms to terrible
seeds to no seed at all to zeros as keys to "Um, it wasn't hooked
up, the RNG isn't even in shipping product." all look about the
same experimentally: The software will probably seem to work.<br>
</p>
<p>As for tempest attacks, if someone can read your internal RNG
state through unintended emissions you are in <i>such</i> deep
trouble: the same someone can probably—and more easily—read all
your IO (mouse, keyboard, display, subsystem interconnect, etc.),
and at that point the RNG state probably isn't very interesting
anymore. RNG is just a component, and its security is always
overshadowed by general system security; once your system is blown
open, RNG state is the least of your worries.<br>
</p>
<p>Tempest is a red herring here; don't be distracted by it. Be
terrified that the larger system containing the RNG was just
thrown together and full of bugs.<br>
</p>
<p>[Yes, tempest attacks are a problem, but only regarding nearby
attackers, and only for those who are quite motivated, and willing
to buy and deploy and run and risk detection of significant
hardware.</p>
<p>Tempest is something very high value, paranoid, and air-gapped
targets need to worry about. Far more terrifying are things such
as buffer overflows in every other device in real life.]<br>
</p>
<p>-kb</p>
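<p>Added example (editor's illustration, not part of the message above or any code by its author): it makes concrete the point that RNG failures are silent. Three constructed stand-ins for an entropy source (output wired to zero, a PRNG that restarts from the same fixed seed on every boot, and the OS CSPRNG) all pass the only check an application normally performs, an encrypt/decrypt round trip. Only a test aimed at the source itself notices anything: a repetition count test in the style of NIST SP 800-90B section 4.4.1 catches the stuck source, and a two-boot comparison catches the fixed seed. The claimed min-entropy of 8 bits per byte and the toy XOR keystream cipher are assumptions made for the example.</p>

```python
# Added example (not from the original message). Constructed entropy
# sources stand in for a hardware RNG; the health test follows the
# repetition count test (RCT) of NIST SP 800-90B section 4.4.1.
import hashlib
import math
import os
import struct

CLAIMED_ENTROPY = 8.0    # assumed min-entropy per 8-bit sample (an assumption)
ALPHA = 2.0 ** -20       # false-positive probability used by SP 800-90B

# RCT cutoff: C = 1 + ceil(-log2(alpha) / H), which is 4 for H = 8 bits
RCT_CUTOFF = 1 + math.ceil(-math.log2(ALPHA) / CLAIMED_ENTROPY)


def stuck_source(n):
    """Constructed failure: the 'hardware' RNG output is wired to zero."""
    return bytes(n)


def fixed_seed_source(n, seed=b"constructed-fixed-seed"):
    """Constructed failure: a PRNG that restarts from the same seed every boot."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:n])


def os_source(n):
    """The OS CSPRNG, used here as the 'working' source."""
    return os.urandom(n)


def xor_keystream(key, data):
    """Toy stream cipher: XOR with SHA-256(key || block counter).
    It round-trips for ANY key, including all zeros, which is the point."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack(">Q", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def application_seems_to_work(source):
    """What the application sees: draw a key, encrypt, decrypt, compare.
    This passes for every source above, so it detects nothing."""
    key = source(32)
    msg = b"the software will probably seem to work"
    return xor_keystream(key, xor_keystream(key, msg)) == msg


def repetition_count_test(samples, cutoff=RCT_CUTOFF):
    """SP 800-90B-style RCT: fail as soon as one value repeats `cutoff`
    times in a row. Catches a stuck or zeroed source, not a fixed seed."""
    run, last = 0, None
    for s in samples:
        if s == last:
            run += 1
        else:
            last, run = s, 1
        if run >= cutoff:
            return False
    return True


def survives_reboot_check(source, n=32):
    """Two independent 'boots' must not yield the same leading output.
    Catches a fixed seed or no seed at all; the RCT alone would not."""
    return source(n) != source(n)


def health_report(source, n=4096):
    """Run the application-level check and both source-level checks."""
    return {
        "app_ok": application_seems_to_work(source),
        "rct_ok": repetition_count_test(source(n)),
        "reboot_ok": survives_reboot_check(source),
    }


if __name__ == "__main__":
    for name, src in [("stuck", stuck_source),
                      ("fixed seed", fixed_seed_source),
                      ("os.urandom", os_source)]:
        print(f"{name:>11}: {health_report(src)}")
```

<p>The takeaway is in the three report lines: <code>app_ok</code> is True for every source, so nothing at the application layer would ever raise an alarm. The checks that do fire are cheap, run continuously in real designs, and test the source rather than its consumer; the reboot comparison is the one that separates "seeded once, badly" from "seeded properly".</p>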
</body>
</html>