[146966] in cryptography@c2.net mail archive
Re: [Cryptography] Thoughts on hardware randomness sources
daemon@ATHENA.MIT.EDU (Marcus D. Leech)
Tue Sep 10 15:07:46 2013
Date: Tue, 10 Sep 2013 12:30:06 -0400
From: "Marcus D. Leech" <mleech@ripnet.com>
To: cryptography@metzdowd.com
In-Reply-To: <20130910160405.GI20423@pepperfish.net>
On 09/10/2013 12:04 PM, Rob Kendrick wrote:
>> I wonder what people's opinions are on things like the randomsound
>> daemon that is available for Linux.
> Daniel Silverstone, the author, specifically advises people to not use
> it. :)
I haven't actually looked at the code. Conceptually, anything with an
ADC can produce thermal and/or 1/f noise in the lowest-order bits.
Even if it's somewhat biased (like having 60Hz hum embedded in it),
with a suitable whitening function, it should produce high-quality
entropy at rates of at least several hundred bits/second.

The idea is to have *diversity* of physical random sources, to make it
difficult for "bad actors" to subvert said hardware.

It's fairly easy to "audit" these sources of random bits, since said
bits won't have had any processing done to them in support of their
random properties (unlike the Intel HW RNG).

But this is just one aspect of a much-larger problem of "trusting trust"
(in the Thompson sense).
--
Marcus Leech
Principal Investigator
Shirleys Bay Radio Astronomy Consortium
http://www.sbrac.org
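
Added example, not part of the message above and not code from randomsound: a Python sketch of the pipeline the message describes, taking the lowest-order ADC bit, estimating min-entropy on the raw bits, then whitening with a hash. The sample model (DC offset, 60 Hz hum and noise amplitudes, 8000 Hz rate), the most-common-value estimator, SHA-256 as the whitening function and the 2x safety margin are all assumptions chosen for illustration.

```python
import hashlib, math, random
from collections import Counter

def simulated_adc(n, rate=8000, seed=1):
    """Constructed stand-in for an idle ADC input, in units of one LSB:
    DC offset + 60 Hz hum + Gaussian noise (a seeded PRNG plays the thermal
    noise so the run is repeatable; a real audit reads the device instead)."""
    rng = random.Random(seed)
    return [round(0.2 + 0.3 * math.sin(2 * math.pi * 60 * t / rate) + rng.gauss(0, 0.5))
            for t in range(n)]

def raw_lsbs(samples):
    """Lowest-order bit of each sample, with no processing applied."""
    return [s & 1 for s in samples]

def min_entropy_per_bit(bits, width=8):
    """Most-common-value estimate over non-overlapping width-bit symbols.
    Run on the RAW bits: after hashing, every source looks perfect."""
    syms = [tuple(bits[i:i + width]) for i in range(0, len(bits) - width + 1, width)]
    p_max = max(Counter(syms).values()) / len(syms)
    return -math.log2(p_max) / width

def whiten(bits, h_per_bit, safety=2.0):
    """Hash conditioning: each 256-bit output consumes enough raw bits to
    carry safety * 256 bits of estimated min-entropy (safety is an assumption)."""
    need = math.ceil(256 * safety / h_per_bit)
    blocks = [hashlib.sha256(bytes(bits[i:i + need])).digest()  # one byte per raw bit
              for i in range(0, len(bits) - need + 1, need)]
    return b"".join(blocks)

def ones_fraction(data):
    """Fraction of 1 bits in a bytes object."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def demo(n=240_000):
    bits = raw_lsbs(simulated_adc(n))
    h = min_entropy_per_bit(bits)          # audit step, before any whitening
    out = whiten(bits, h)
    return sum(bits) / len(bits), h, ones_fraction(out), len(out)

if __name__ == "__main__":
    raw_ones, h, out_ones, nbytes = demo()
    print(f"raw ones fraction   {raw_ones:.3f}")
    print(f"min-entropy/raw bit {h:.3f}")
    print(f"whitened ones       {out_ones:.3f} over {nbytes} bytes")
```

The raw bits come out visibly biased by the offset and hum, which is what makes them auditable; the balanced output after hashing says nothing about the source on its own.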