[cryptography] Enranda: 4MB/s Userspace TRNG
James A. Donald
jamesd at echeque.com
Thu May 28 00:59:49 EDT 2015
On 2015-05-27 22:14, Krisztián Pintér wrote:
> On Wed, May 27, 2015 at 3:12 AM, Russell Leidich <pkejjy at gmail.com> wrote:
>> "if your proposed method comes with a complex extractor, it is bullshit"
>> OK point well taken. I should offer a raw mode.
> no, you actually shouldn't. you should offer raw mode only. maybe some
> clever compression just to reduce the amount of data going into the
> slower secure whitening.
>> What this leaves behind is the aperiodic residue. Or more specifically,
>> ((the hashes (of all sequences)) that have not been seen in the last 2^16
>> such hashes). I realize that this isn't hard proof (as nothing in physical
>> hardware can be proven)
> this is much worse than "not a hard proof". it is next to nothing. you
> have a hypothesis, which you don't clearly state, and then you have a
> countermeasure, which you don't explain.
>> cache misses, pipeline stalls, CPU circuit clock gating, etc. that provide
>> the majority of the protoentropy.
> the CPU is a deterministic system. cache misses and all the other
> stuff are not random, but depend on previous instructions, thus the
> internal state of the cpu. this is NOT a source of entropy. the source
> of entropy comes from outside of the CPU, namely anything that changes
> its internal state. these are: responses from mass storage or other IO
> drivers, user input, network events, etc. that is: IRQs. the CPU as a
> system is chaotic, and so tiny differences in those inputs cause huge
> differences later. but this is NOT entropy. this is a completely
> deterministic process.
The system can be thought of as a pseudorandom number generator that is
continually seeded by a small amount of true randomness.
But it truly is seeded by a small amount of true randomness.
How much true randomness is an empirical question. I rather think that
for normal systems, connected to the internet and physical disk drives,
that is quite a lot of true randomness.
If, on the other hand, your system is booting up from ROM, then early in
the boot process, not much.
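As an added illustration of the raw-mode point raised in the quoted text (this is not code from Enranda or from anyone in this thread): a constructed raw source that carries exactly 2 bits of min-entropy per byte, and in fact admits only four possible streams in total, measures as nearly 8 bits per byte once it has been hashed. The toy generator, the block-chained SHA-256 "whitening" and the plug-in estimator are all assumptions of this example.

```python
"""Why a whitened stream hides a weak source. Constructed example; the
generator, whitening scheme and estimator are stand-ins, not Enranda's."""
import hashlib
import math
from collections import Counter


def raw_samples(n, seed):
    """Constructed stand-in for a 'raw' jitter source: a deterministic
    8-bit generator whose output byte only exposes its low two bits, so
    the stream takes just four distinct values."""
    state = seed & 0xFF
    out = bytearray()
    for _ in range(n):
        state = (state * 5 + 3) & 0xFF        # assumed toy LCG, full period 256
        out.append(0x80 | (state & 0x03))     # only 4 distinct byte values
    return bytes(out)


def whiten(data, block=32):
    """Toy 'secure whitening': SHA-256 chained over 32-byte blocks. The
    output looks uniform no matter how little entropy the input carries."""
    out, h = bytearray(), b""
    for i in range(0, len(data), block):
        h = hashlib.sha256(h + data[i:i + block]).digest()
        out += h
    return bytes(out)


def min_entropy_per_byte(data):
    """Plug-in min-entropy estimate: -log2 of the most frequent byte's
    relative frequency. Only meaningful on the raw samples."""
    p_max = max(Counter(data).values()) / len(data)
    return -math.log2(p_max)


def compare(n=4096, seed=0x42):
    """Return (raw estimate, whitened estimate) in bits per byte."""
    raw = raw_samples(n, seed)
    return min_entropy_per_byte(raw), min_entropy_per_byte(whiten(raw))


def distinct_whitened_streams(n=1024):
    """Count the different whitened streams over all 256 seeds: the real
    entropy of the whitened output is at most log2 of this number."""
    return len({whiten(raw_samples(n, s)) for s in range(256)})


if __name__ == "__main__":
    raw_est, white_est = compare()
    print(f"raw: {raw_est:.2f} bits/byte, whitened: {white_est:.2f} bits/byte")
    print(f"distinct whitened streams over 256 seeds: {distinct_whitened_streams()}")
```

The per-byte estimate on the whitened stream says nothing about its true entropy, which is bounded by the four possible raw streams; this is the reason to evaluate the raw output rather than the extractor's.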