Re: Arduino HWRNG



Paul Rubin wrote:
> toby <toby@xxxxxxxxxxxxxxxxxxx> writes:
>> http://robseward.com/misc/RNG2/
>
> That looks terrible. The circuit was actually drifting enough to
> affect the ratio of number of 1's to number of 0's.

The offending chips have been removed. I don't see any reason for the
above complaint.

> A fix was put in
> for that, but I don't see any attempt to remove other possible
> correlations within the output stream.

And what would they be? The imbalance of 1's and 0's is dealt with via
the Von Neumann scheme, and the only other correlations are autocorrelations
via the input cap C1, and that is something that almost no one
addresses even in "pro grade" TRNGs - probably because they can be easily
made irrelevant.

> You could attempt to distill
> the output with a cryptographic hash function, but if you believe in
> those, why are you messing with hardware RNG's, except to keep a
> cryptographic RNG seeded?

Isn't that a valid use for a TRNG? Most RNGs don't recover from having a
compromised state, and some that can recover may take a long time to do so.
Appropriately applied to an RNG, a hardware TRNG provides both forward and
backward security.

> In practice, for typical software applications where you don't trust
> /dev/urandom and want a hardware seed, it's simplest to use a smart
> card RNG or something similar,

You don't know jack *** about the smart card RNG, so at best it is a
hope that it is safe and isn't/can't be compromised.

> rather than mess with custom circuitry
> that's had no serious security design.

The same argument applies to the smart card RNG in addition to the
argument that the smart card could be compromised.

> It's really unfortunate that they don't make the java ibuttons any
> more. They were so cool.
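The debiasing-versus-correlation point argued in the reply above, as an added example that is not code from this thread or from the robseward.com page: a Von Neumann extractor, bias and lag-k autocorrelation estimates, and a SHA-256 conditioning step, run over two constructed stand-in bit streams (a biased but independent source, and a source whose bits tend to repeat, standing in for the slow input-capacitor effect the reply mentions). It shows that Von Neumann debiasing fixes the 1/0 ratio but leaves, and in fact reshapes, inter-bit correlation, which is what a hash conditioner is for. The source models, the function names and the 4:1 hash compression ratio are this example's assumptions, not anything the thread specifies.

```python
"""Von Neumann debiasing and simple correlation checks for a raw TRNG bit stream.

Added example for the Arduino HWRNG discussion; not code from the thread or
from the robseward.com design. All sources below are constructed stand-ins.
"""
import hashlib
import random


def von_neumann(bits):
    """Von Neumann extractor: non-overlapping pairs, 01 -> 0, 10 -> 1,
    00 and 11 discarded. Removes bias from independent bits but does NOT
    remove (and can even amplify) correlation between neighbouring bits."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def bias(bits):
    """Fraction of ones; 0.5 means balanced."""
    return sum(bits) / len(bits)


def lag_autocorrelation(bits, lag):
    """Sample autocorrelation coefficient at the given lag, in [-1, 1].
    Near 0 for independent bits; clearly non-zero when bits repeat or alternate."""
    n = len(bits) - lag
    mean = sum(bits) / len(bits)
    num = sum((bits[i] - mean) * (bits[i + lag] - mean) for i in range(n))
    den = sum((b - mean) ** 2 for b in bits)
    return num / den if den else 0.0


def hash_condition(bits, block=1024):
    """Hash-based conditioning (assumed scheme): every 1024 raw bits are fed to
    SHA-256 and the 256-bit digest becomes the output, a 4:1 compression.
    A leftover partial block is dropped."""
    out = []
    for i in range(0, len(bits) - block + 1, block):
        chunk = bits[i:i + block]
        raw = int("".join(map(str, chunk)), 2).to_bytes(block // 8, "big")
        digest = hashlib.sha256(raw).digest()
        out.extend((byte >> (7 - k)) & 1 for byte in digest for k in range(8))
    return out


def biased_source(n, p_one, seed=1):
    """Constructed stand-in for a drifting raw source: independent bits, P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def correlated_source(n, p_one, p_repeat, seed=2):
    """Constructed stand-in for a source with a slow input capacitor: each bit
    repeats the previous one with probability p_repeat, otherwise is a fresh draw."""
    rng = random.Random(seed)
    bits = [1 if rng.random() < p_one else 0]
    for _ in range(n - 1):
        if rng.random() < p_repeat:
            bits.append(bits[-1])
        else:
            bits.append(1 if rng.random() < p_one else 0)
    return bits


def report(bits):
    """Bias and lag-1 autocorrelation of the raw stream, after Von Neumann,
    and after hash conditioning, so the three stages can be compared."""
    vn = von_neumann(bits)
    hc = hash_condition(bits)
    return {
        "raw": (len(bits), bias(bits), lag_autocorrelation(bits, 1)),
        "von_neumann": (len(vn), bias(vn), lag_autocorrelation(vn, 1)),
        "hashed": (len(hc), bias(hc), lag_autocorrelation(hc, 1)),
    }


if __name__ == "__main__":
    for name, src in (("biased", biased_source(200000, 0.7)),
                      ("correlated", correlated_source(200000, 0.5, 0.7))):
        print(name)
        for stage, (length, b, ac1) in report(src).items():
            print(f"  {stage:12s} n={length:6d} bias={b:.3f} lag1={ac1:+.3f}")
```

Running the script prints, for each constructed source, the bit count, bias and lag-1 autocorrelation at each stage. The biased-but-independent source comes out of the extractor balanced with negligible lag-1 correlation; the repeating source has a strong positive lag-1 correlation in the raw stream and a clearly negative one after Von Neumann, because the extractor only keeps the transitions. The lag-1 estimate is the minimum check worth running on any raw TRNG output before trusting a debiaser alone.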
