[cryptography] [liberationtech] Random number generation being influenced - rumors

James A. Donald jamesd at echeque.com
Mon Sep 9 17:00:44 EDT 2013


     --
On 2013-09-09 3:18 PM, Greg Rose wrote:
 >>> I actually hate to point this out, but having access to
 >>> something that "looks like" a raw entropy source proves
 >>> nothing.

On 9/9/2013 5:12 AM, James A. Donald wrote:
 >> A genuine hardware noise source will show colored noise,
 >> which is very hard to simulate in software, and especially
 >> hard to simulate at any reasonable speed.

On 2013-09-10 1:11 AM, David Johnston wrote:
 > It's not 'very hard'. Just suppress long strings a bit.

Hard to suppress long strings by an amount that subtly varies
according to temperature and clock speed, and subtly varies
from one chip to the next.  And my reading of the circuit is that
you are also going to have to enhance short strings a bit.

 > > If the entropy source is real, it will show its analog
 > > characteristics leaking into the digital abstraction. The
 > > correlations and anti correlations between nearby bits
 > > will reflect the analog values of the circuit, thus no
 > > two chips will show quite the same correlations, and the
 > > correlations will vary with temperature and overclocking.
 > > These analog variations would be compelling evidence that
 > > the entropy source is the claimed circuit or something
 > > very like the claimed circuit.

 > Just because the entropy source is real doesn't mean it's
 > feeding the conditioner.

Which is why, if we had direct acess to the entropy source,
no one other than an NSA plant would use the on chip
conditioner.



More information about the cryptography mailing list