[cryptography] Enranda: 4MB/s Userspace TRNG

Krisztián Pintér pinterkr at gmail.com
Thu May 28 04:04:25 EDT 2015


On Thu, May 28, 2015 at 6:59 AM, James A. Donald <jamesd at echeque.com> wrote:

> The system can be thought of as pseudorandom number generator that is
> continually seeded by a small amount of true randomness.

Beware of seeding. As the wisdom goes, once you have seeded your PRNG
with at least 128 bits of entropy, you don't need to seed it anymore. But
this is true only if you use a CSPRNG, that is, a system that hides
its internal state no matter how much output you observe. I have a
strong guess that the CPU is not a CSPRNG.

You can reseed. But if you do, make sure you do it with at least 128
bits at a time. If you add entropy in small chunks, an attacker who knows
the previous internal state and observes the output can brute-force
search for the added entropy.

> How much true randomness is an empirical question.  I rather think that for
> normal systems, connected to the internet and physical disk drives, that is
> quite a lot of true randomness.

Can be, but we still need an estimate. Saying that the entropy comes
from the CPU, and is 4MB/s, is false advertising.

Compare these statements:

A. Our method generates 4MB/s of true randomness.

B. We believe that on a desktop PC, with network, HDD, keyboard, etc.,
after booting a regular OS, we have at least 128 bits. We also
believe that the CPU as a mathematical system combined with our
extractor together form a CSPRNG.

Quite different, aren't they?
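The small-chunk reseeding attack described in the message above, as an added worked example that is not part of the original post and is not Enranda's code. It uses a hypothetical hash-based generator (`ToyPrng`, an assumption made for the example; its constants and construction are not from any real product) whose state has been compromised once. The victim then mixes in 2-byte entropy chunks one at a time, emitting one 8-byte output after each reseed; the attacker, knowing the state before the first reseed, brute-forces each chunk (65,536 candidates) and tracks the state across every reseed, ending with a clone that predicts the victim's next output. Mixing in 16 bytes at once would instead face 2^128 candidates for a single step. The sample chunks and starting state are constructed for the example.

```python
import hashlib
import os

OUT_BYTES = 8      # bytes of output revealed to the attacker per step
CHUNK_BYTES = 2    # size of each small reseed (16 bits); 16 would be 2^128 work


class ToyPrng:
    """Hypothetical hash-based generator (constructed for this example, not Enranda).

    Its state is hidden behind SHA-256, so on its own it behaves like a CSPRNG; the
    attack below only works because the attacker already knows one prior state.
    """

    def __init__(self, state: bytes) -> None:
        self.state = state

    def reseed(self, entropy: bytes) -> None:
        # Mix new entropy into the state.
        self.state = hashlib.sha256(b"reseed" + self.state + entropy).digest()

    def output(self) -> bytes:
        # Emit OUT_BYTES derived from the state, then ratchet the state forward.
        out = hashlib.sha256(b"out" + self.state).digest()[:OUT_BYTES]
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def simulate_victim(initial_state: bytes, chunks: list[bytes]):
    """Victim side: reseed with each chunk and emit one output per reseed."""
    gen = ToyPrng(initial_state)
    outputs = [(gen.reseed(chunk), gen.output())[1] for chunk in chunks]
    return outputs, gen


def recover_chunk(known_state: bytes, observed: bytes, chunk_bytes: int):
    """Attacker step: try every chunk of chunk_bytes bytes until the observed output matches.

    Returns (chunk, state after the output was emitted) or None.
    """
    for candidate in range(256 ** chunk_bytes):
        chunk = candidate.to_bytes(chunk_bytes, "big")
        mixed = hashlib.sha256(b"reseed" + known_state + chunk).digest()
        if hashlib.sha256(b"out" + mixed).digest()[:OUT_BYTES] == observed:
            # With 64-bit outputs a false match among 2^16 candidates is negligible.
            return chunk, hashlib.sha256(b"next" + mixed).digest()
    return None


def attack(known_state: bytes, outputs: list[bytes], chunk_bytes: int):
    """Attacker: recover every reseed chunk in turn, tracking the state across reseeds.

    Total work is len(outputs) * 256**chunk_bytes, not 256**(len(outputs) * chunk_bytes).
    """
    state = known_state
    recovered = []
    for observed in outputs:
        result = recover_chunk(state, observed, chunk_bytes)
        if result is None:
            raise ValueError("no candidate matched; the state assumption does not hold")
        chunk, state = result
        recovered.append(chunk)
    return recovered, ToyPrng(state)


if __name__ == "__main__":
    # Constructed scenario: the attacker learned state0 once (e.g. via a state leak).
    state0 = bytes(range(32))
    chunks = [os.urandom(CHUNK_BYTES) for _ in range(4)]   # victim's small reseeds
    outputs, victim = simulate_victim(state0, chunks)
    recovered, clone = attack(state0, outputs, CHUNK_BYTES)
    print("reseed chunks recovered:", recovered == chunks)
    print("next output predicted:", clone.output() == victim.output())
```

Each 2-byte chunk costs the attacker at most two SHA-256 calls per candidate, so four reseeds of 16 bits each fall in well under a second of Python; the same 64 bits mixed in as one reseed would require 2^64 candidates, and a 128-bit reseed 2^128. The generator here hides its state perfectly well; the weakness is entirely in the reseed granularity once a single state is known.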

