[cryptography] Enranda: 4MB/s Userspace TRNG

James A. Donald jamesd at echeque.com
Thu May 28 00:59:49 EDT 2015


On 2015-05-27 22:14, Krisztián Pintér wrote:
> On Wed, May 27, 2015 at 3:12 AM, Russell Leidich <pkejjy at gmail.com> wrote:
>> "if your proposed method comes with a complex extractor, it is bullshit"
>>
>> OK point well taken. I should offer a raw mode.
>
> no, you actually shouldn't. you should offer raw mode only. maybe some
> clever compression just to reduce the amount of data going into the
> slower secure whitening.
>
>> What this leaves behind is the aperiodic residue. Or more specifically,
>> ((the hashes (of all sequences)) that have not been seen in the last 2^16
>> such hashes). I realize that this isn't hard proof (as nothing in physical
>> hardware can be proven)
>
> this is much worse than "not a hard proof". it is next to nothing. you
> have a hypothesis, which you don't clearly state, and then you have a
> countermeasure, which you don't explain.
>
>
>> cache misses, pipeline stalls, CPU circuit clock gating, etc. that provide
>> the majority of the protoentropy.
>
> the CPU is a deterministic system. cache misses and all the other
> stuff are not random, but depend on previous instructions, thus the
> internal state of the cpu. this is NOT a source of entropy. the source
> of entropy comes from outside of the CPU, namely anything that changes
> its internal state. these are: responses from mass storage or other IO
> drivers, user input, network events, etc. that is: IRQs. the CPU as a
> system is chaotic, and so tiny differences in those inputs cause huge
> differences later. but this is NOT entropy. this is a completely
> deterministic process.

The system can be thought of as a pseudorandom number generator that is
continually seeded by a small amount of true randomness.

But it truly is seeded by a small amount of true randomness.

How much true randomness is an empirical question.  I rather think that 
for normal systems, connected to the internet and physical disk drives, 
that is quite a lot of true randomness.

If on the other hand, your system is booting up from ROM, then early in 
the boot process, not much.
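A toy model of the point made in this thread (the CPU as a deterministic, chaotic mixer whose output can carry no more entropy than the external events fed into it, and a ROM boot with no IO yielding none at all). This is an added illustration, not Enranda's code or anything from the list; the SHA-256 mixer, the IRQ timestamp model and the bit counts are assumptions.

```python
import hashlib
from itertools import product

def mixer_step(state, observation):
    # Deterministic "CPU": the next internal state is a pure function of
    # the previous state and whatever just arrived (instruction results,
    # cache-miss timings, or an external IRQ). Chaotic, but not random.
    return hashlib.sha256(state + observation).digest()

def harvest(seed, rounds, irqs):
    """Run the mixer for `rounds` steps; `irqs` maps a round index to the
    arrival timestamp of an external interrupt landing on that round.
    Returns 16 bytes of 'harvested' output."""
    state = seed
    for r in range(rounds):
        # Simulated timing side-channel (stalls, cache misses): derived
        # from the state itself, so it contributes no fresh entropy.
        timing = state[:4]
        state = mixer_step(state, timing)
        if r in irqs:
            state = mixer_step(state, irqs[r].to_bytes(8, "little"))
    return state[:16]

def count_distinct_outputs(seed, rounds, irq_rounds, bits_per_irq):
    """Enumerate every IRQ timestamp pattern (each timestamp uncertain in
    bits_per_irq bits) and count the distinct outputs. That count bounds
    the entropy the harvester can emit: len(irq_rounds) * bits_per_irq
    bits, however much internal chaos the mixer adds."""
    outputs = set()
    for stamps in product(range(1 << bits_per_irq), repeat=len(irq_rounds)):
        irqs = dict(zip(irq_rounds, stamps))
        outputs.add(harvest(seed, rounds, irqs))
    return len(outputs)

if __name__ == "__main__":
    seed = b"boot-rom-seed"  # constructed: a fixed firmware state
    # Early boot with no IO yet: two "boots" harvest identical output.
    print(harvest(seed, 200, {}) == harvest(seed, 200, {}))   # True
    # Two IRQs, 3 uncertain timestamp bits each: at most 2**6 outcomes.
    print(count_distinct_outputs(seed, 200, [50, 120], 3))    # 64
```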
