[cryptography] Hardware Randomizer (SE Android)

coderman coderman at gmail.com
Mon Mar 5 15:28:11 EST 2012


On Mon, Mar 5, 2012 at 4:29 AM, Rob Kendrick <rjek at rjek.com> wrote:
> ...
> Although the Entropy Key does a huge amount of processing
> (comparatively) before delivering that 32kbit/s: it's already mixed the
> values from two sources, done entropy estimation, done FIPS statistical
> tests, and pooled the data.

yes; no two sources are created equal.


> I have no idea about the quality of VIA's numbers or what security they
> provide in hardware against attack or verification of quality of
> numbers.  For all I know, they could just be exposing a noisy circuit
> directly via a register.

in the case of VIA XSTORE you can configure whitened output and
filtering, however, it is preferred to leave the output at maximum
throughput and leave the verification/processing to the entropy daemon
which in turn feeds the OS/host entropy pool.

this is the biggest difference between Entropy Key and other sources.
it does by itself what a TRNG+EGD would provide together.
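
The verification step the message leaves to the entropy daemon, sketched as an added example (not part of the original post, and not code from VIA, the Entropy Key project or any particular daemon). It assumes the daemon applies the FIPS 140-2 statistical tests (monobit, poker, runs, long run) to each 20,000-bit block of raw output before feeding the pool; all names and sample inputs are constructed for illustration.

```python
import hashlib

BLOCK_BITS = 20000  # FIPS 140-2 tests operate on 20,000-bit (2,500-byte) blocks
# Allowed count of runs (of zeros and of ones, separately) per run length 1..6+
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def fips_check(block: bytes) -> dict:
    """Return pass/fail per test for one 2,500-byte block of raw RNG output."""
    if len(block) * 8 != BLOCK_BITS:
        raise ValueError("need exactly 2500 bytes")
    bits = [(byte >> i) & 1 for byte in block for i in range(7, -1, -1)]
    ones = sum(bits)
    # Poker test: chi-square-like statistic over the 5,000 4-bit nibbles
    freq = [0] * 16
    for byte in block:
        freq[byte >> 4] += 1
        freq[byte & 0x0F] += 1
    poker = 16 / 5000 * sum(f * f for f in freq) - 5000
    # Runs test: count maximal runs of identical bits, lengths >= 6 pooled
    runs = {0: [0] * 7, 1: [0] * 7}
    longest, length = 0, 1
    for prev, cur in zip(bits, bits[1:] + [None]):
        if cur == prev:
            length += 1
            continue
        runs[prev][min(length, 6)] += 1
        longest = max(longest, length)
        length = 1
    runs_ok = all(lo <= runs[b][n] <= hi
                  for b in (0, 1) for n, (lo, hi) in RUN_LIMITS.items())
    return {"monobit": 9725 < ones < 10275,
            "poker": 2.16 < poker < 46.17,
            "runs": runs_ok,
            "long_run": longest < 26}

def accept(block: bytes) -> bool:
    """Daemon-side gate: only blocks passing every test are fed to the pool."""
    return all(fips_check(block).values())

# Constructed sample inputs (not captured from any real device)
STUCK = bytes(2500)                      # source stuck at zero
ALTERNATING = bytes([0x55]) * 2500       # 0101...: balanced but fully predictable
HASH_STREAM = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(79))[:2500]  # stand-in for healthy output
```

`ALTERNATING` passes monobit and long-run but is rejected by poker and runs, which is why the tests are applied together. `HASH_STREAM` passes all four although it is fully deterministic, so these tests catch a failed or stuck source, not a predictable one.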


