[cryptography] Enranda: 4MB/s Userspace TRNG

Russell Leidich pkejjy at gmail.com
Tue May 26 21:14:09 EDT 2015


"you are patient and friendly in response to me, a jerk flinging opinions!"

No worries, coderman. No one ever got into cryptography to bask in the
charm of one's peers. Besides, I'm willing to put up with a lot in order to
get constructive criticism. (So relax, Stuart Christmas...) So yeah, when
you get time, your concerns are of interest to me and so many lurkers here.

"Bounty, as in compensation for a successful attack in the form of digital
currency :P"

Cool! Anyone have suggestions for (1) defining a successful attack and (2)
how much $ we should post for it? (Obviously, "I broke Enranda by
exploiting a kernel vuln" doesn't count.)

"i am glad the post-quantum hardness has constraints, regarding the rest,
another tangent."

Yeah, I should have explained "postquantum" better. It had nothing to do
with X86 hardware (or even the marketing department). It was a reference to
the complexity of modeling the timedelta stream sufficiently well to
predict anything useful post-trapdoor, even if you have the powers of
Grover search. (This goes into permutative trapdoors and order-sensitivity,
etc.)

"i trust them more if the design provides raw sample access and the
observed entropy density, bias, failure modes, as observed over extended
sanity and continuous run-checks on the sampled bit stream."

That makes good practical sense. Again, I have nothing against DIYing one's
own hardware TRNG. I believe there's one on Kickstarter for those who want
to investigate.

On Tue, May 26, 2015 at 10:05 PM, coderman <coderman at gmail.com> wrote:

> On 5/26/15, Russell Leidich <pkejjy at gmail.com> wrote:
> > ...
> > I would welcome your longer reply,
>
> you are patient and friendly in response to me,
>  a jerk flinging opinions!
>
> i will send a longer response about my specific concerns for these
> types of entropy gathering when time permits - thank you for courtesy
> un-deserved!
>
>
>
> > ... how do you envision this BTC...
>
> Bounty, as in compensation for a successful attack in the form of
> digital currency :P
>
> no matter, i am compelled to delineate concerns and risks, as said above.
>
>
>
> > And yes, it's totally legit to attack Enranda by executing a
> > process on the same CPU, for example, in another terminal window on a
> > single-CPU system. For that matter, what other attacks do you foresee?
>
> i am glad the post-quantum hardness has constraints, regarding the rest,
>  another tangent.
>   as said above.
>
>
>
> > I won't argue with your point about hardware TRNGs being superior to
> > software ones. If you trust your chip vendor, then it all works just
> fine.
>
> i trust them more if the design provides raw sample access and the
> observed entropy density, bias, failure modes, as observed over
> extended sanity and continuous run-checks on the sampled bit stream.
>
> ... CPU instructions another tangent, which i've written about
> separately wrt RDRAND/RDSEED vs. XSTORE entropy sources.
>
>
>
> best regards, and my apologies for first,
>
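The thread's point about trusting a noise source only with raw sample access and continuous run-checks over the sampled stream is concrete enough to show in code. The following is an added example, not Enranda's code and not anything from either poster: it runs the two continuous health tests from NIST SP 800-90B section 4.4 (the repetition count test, RCT, and the adaptive proportion test, APT) over a stream of 8-bit samples and reports a crude one-bit fraction as a bias indicator. The parameters are assumptions (a claimed min-entropy of 4 bits per 8-bit sample, a false-alarm rate of 2^-30, a 512-sample APT window), and the three sample streams are constructed with a seeded PRNG: one healthy, one that sticks at a single value for 64 samples, and one whose even-indexed samples are all zero.

```python
"""Continuous health tests over a sampled noise-source stream.

Added example (not Enranda's code): NIST SP 800-90B repetition count test
(RCT) and adaptive proportion test (APT), plus a one-bit fraction as a
bias indicator.  H_MIN, ALPHA and WINDOW are assumed parameters; the
sample streams below are constructed with a seeded PRNG.
"""
from fractions import Fraction
import math
import random

SAMPLE_BITS = 8
H_MIN = 4.0          # assumed min-entropy claim, bits per 8-bit sample
ALPHA = 2.0 ** -30   # assumed per-test false-alarm probability
WINDOW = 512         # APT window for non-binary samples (SP 800-90B 4.4.2)


def rct_cutoff(h, alpha):
    """RCT cutoff C = 1 + ceil(-log2(alpha) / H): under the claimed entropy,
    a run of C identical samples has probability at most alpha."""
    return 1 + math.ceil(-math.log2(alpha) / h)


def apt_cutoff(h, alpha, window):
    """Smallest C with P[Binomial(window, 2^-H) >= C] <= alpha, computed
    exactly with rationals by summing the upper tail from k = window down."""
    p = Fraction(2.0 ** -h)
    alpha = Fraction(alpha)
    tail = Fraction(0)
    for k in range(window, -1, -1):
        tail += math.comb(window, k) * p ** k * (1 - p) ** (window - k)
        if tail > alpha:          # P[X >= k] > alpha, so C = k + 1
            return k + 1
    return 1


def run_health_tests(samples, h=H_MIN, alpha=ALPHA, window=WINDOW):
    """Stream samples through RCT and APT.  Returns the index of the first
    sample at which each test tripped (None if never) and the fraction of
    one bits, which a healthy 8-bit source keeps near 0.5."""
    rct_c = rct_cutoff(h, alpha)
    apt_c = apt_cutoff(h, alpha, window)
    first = {"RCT": None, "APT": None}
    last, run = None, 0               # RCT state: current run length
    ref, count, pos = None, 0, 0      # APT state: window reference and count
    ones = 0
    for i, s in enumerate(samples):
        ones += bin(s).count("1")
        # RCT: how many identical samples in a row so far
        if s == last:
            run += 1
        else:
            last, run = s, 1
        if run >= rct_c and first["RCT"] is None:
            first["RCT"] = i
        # APT: how often the window's first sample recurs inside the window
        if pos == 0:
            ref, count = s, 1
        elif s == ref:
            count += 1
        pos += 1
        if count >= apt_c and first["APT"] is None:
            first["APT"] = i
        if pos == window:
            pos = 0
    bias = ones / (len(samples) * SAMPLE_BITS) if samples else 0.0
    return {"RCT": first["RCT"], "APT": first["APT"], "ones_fraction": bias,
            "rct_cutoff": rct_c, "apt_cutoff": apt_c}


def good_stream(n=4096, seed=1234):
    """Constructed stand-in for a healthy source: uniform bytes, seeded PRNG."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


def stuck_stream():
    """Constructed failure: the source sticks at 0x5A for 64 samples."""
    g = good_stream()
    return g[:2000] + [0x5A] * 64 + g[2000:]


def half_stuck_stream(n=4096, seed=1234):
    """Constructed failure: every even-indexed sample reads 0x00 (think a
    stalled counter lane); odd samples stay random but non-zero."""
    rng = random.Random(seed)
    return [0 if i % 2 == 0 else rng.randrange(1, 256) for i in range(n)]


if __name__ == "__main__":
    for name, stream in (("uniform", good_stream()),
                         ("stuck", stuck_stream()),
                         ("half-stuck", half_stuck_stream())):
        print(name, run_health_tests(stream))
```

The RCT catches the stuck run within a handful of samples, while the half-stuck stream never repeats consecutively and so passes the RCT but trips the APT partway through the first window, and its one-bit fraction sits near 0.25 instead of 0.5. A deployed source would stop emitting output on the first trip rather than merely record the index.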