[cryptography] OneRNG kickstarter project looking for donations

Ben Laurie ben at links.org
Tue Dec 16 05:23:12 EST 2014


On 15 December 2014 at 19:18, ianG <iang at iang.org> wrote:
> https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator
>
> About this project
>
> After Edward Snowden's recent revelations about how compromised our internet
> security has become some people have worried about whether the hardware
> we're using is compromised - is it? We honestly don't know, but like a lot
> of people we're worried about our privacy and security.
>
> What we do know is that the NSA has corrupted some of the random number
> generators in the OpenSSL software we all use to access the internet, and
> has paid some large crypto vendors millions of dollars to make their
> software less secure. Some people say that they also intercept hardware
> during shipping to install spyware.

I don't really get the relevance to OpenSSL - Dual EC DRBG was
vulnerable regardless of the entropy source. And, as already
mentioned, not actually vulnerable in OpenSSL anyway.

> We believe it's time we took back ownership of the hardware we use day to
> day. This project is one small attempt to do that - OneRNG is an entropy
> generator, it makes long strings of random bits from two independent noise
> sources that can be used to seed your operating system's random number
> generator. This information is then used to create the secret keys you use
> when you access web sites, or use cryptography systems like SSH and PGP.
>
> Openness is important, we're open sourcing our hardware design and our
> firmware, our board is even designed with a removable RF noise shield (a
> 'tin foil hat') so that you can check to make sure that the circuits that
> are inside are exactly the same as the circuits we build and sell. In order
> to make sure that our boards cannot be compromised during shipping we make
> sure that the internal firmware load is signed and cannot be spoofed.

I am curious if there's any evidence that avalanche diodes and Zigbee
receivers are immune to outside influence (one would've thought not in
the case of the receiver, at least, which is designed to be influenced
by the outside)?


More information about the cryptography mailing list