[cryptography] Enranda: 4MB/s Userspace TRNG

Russell Leidich pkejjy at gmail.com
Thu May 28 18:25:12 EDT 2015

I'm the first to admit that I don't understand where the entropy is coming
from. I was actually surprised how uncompressible the timedelta stream
actually is (as shown by timedeltasave and timedeltaprofile, on my rather
idle system). Perhaps more of it is from DMAs competing for main memory
access, than cache transactions, for instance. In that case, the real
underlying entropy could be well into the megabits (for instance, video,
CPU, and main memory clocks competing with each other). Clearly James
Donald is correct that busier systems are richer in entropy, and I agree
that quantifying it is probably impossible, other than to offer some vague
upper bounds implied by clock frequencies and cache size.

4MB/s is the entropy rate from the internal perspective of Enranda. But in
any event, for the record, I agree with Krisztian Pinter's statement "B" if
you replace "CPU" with "complete computer system".

Russell Leidich

On Thu, May 28, 2015 at 8:04 AM, Krisztián Pintér <pinterkr at gmail.com>

> On Thu, May 28, 2015 at 6:59 AM, James A. Donald <jamesd at echeque.com>
> wrote:
> > The system can be thought of as pseudorandom number generator that is
> > continually seeded by a small amount of true randomness.
> beware about seeding. as the wisdom goes, once you seeded your prng
> with at least 128 bit entropy, you don't need to seed it anymore. but
> this is true only if you use a csprng. that is, a system that hides
> its internal state no matter how much output you observe. i have a
> strong guess that the CPU is not a csprng.
> you can reseed. but if you do, make sure you do it with at least 128
> bit at a time. if you add entropy in small chunks, an attacker who knows
> the previous internal state and observes the output can brute force
> search for the added entropy.
> > How much true randomness is an empirical question.  I rather think that for
> > normal systems, connected to the internet and physical disk drives, that is
> > quite a lot of true randomness.
> can be, but we still need an estimation. saying that the entropy comes
> from the CPU, and is 4Mb/s is false advertising.
> compare these statements:
> A, our method generates 4Mb/s true randomness
> B, we believe that on a desktop pc, with network, hdd, keyb, etc,
> after booting a regular opsys, we have at least 128 bit. we also
> believe that the CPU as a mathematical system combined with our
> extractor together form a csprng.
> quite different, aren't they?
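The reseeding point in the quoted reply (entropy added in small chunks can be searched chunk by chunk by an observer who already knows the internal state), as an added example that is not part of the original thread. The SHA-256 reseed/output construction, the function names and the 16 secret bits are all assumptions chosen for illustration; this is not Enranda's design.

```python
import hashlib

def reseed(state: bytes, chunk: int, bits: int) -> bytes:
    """Mix `bits` bits of fresh entropy into the state (toy construction)."""
    data = chunk.to_bytes((bits + 7) // 8, "big")
    return hashlib.sha256(b"seed" + state + data).digest()

def output(state: bytes) -> bytes:
    """Output block an observer sees; it only hides a state that is unknown."""
    return hashlib.sha256(b"out" + state).digest()

def run_generator(state, chunks, bits):
    """Reseed with each chunk in turn, emitting one output after every reseed."""
    outs = []
    for c in chunks:
        state = reseed(state, c, bits)
        outs.append(output(state))
    return state, outs

def recover(known_state, outs, bits):
    """Observer model from the post: prior state known, outputs visible.
    Each chunk is searched on its own, so the cost adds instead of multiplying."""
    state, found, guesses = known_state, [], 0
    for seen in outs:
        for guess in range(1 << bits):
            guesses += 1
            cand = reseed(state, guess, bits)
            if output(cand) == seen:
                state = cand
                found.append(guess)
                break
        else:
            raise ValueError("no chunk matched the observed output")
    return state, found, guesses

def compare():
    s0 = hashlib.sha256(b"constructed known state").digest()
    # The same 16 constructed secret bits, delivered two ways.
    trickle_state, trickle_outs = run_generator(s0, [0xBE, 0xEF], 8)
    batch_state, batch_outs = run_generator(s0, [0xBEEF], 16)
    return {"trickle": recover(s0, trickle_outs, 8), "trickle_state": trickle_state,
            "batch": recover(s0, batch_outs, 16), "batch_state": batch_state}

if __name__ == "__main__":
    r = compare()
    print("trickled 2 x 8 bits :", r["trickle"][2], "guesses, at most", 2 * 2**8)
    print("batched 1 x 16 bits :", r["batch"][2], "guesses, at most", 2**16)
    print("scaled to 128 bits  : 16 x 2**8 = 4096 trickled vs 2**128 batched")
```

The same number of secret bits costs at most 512 guesses when trickled in but up to 65536 when added in one step; at 128 bits the batched search space is 2**128, which is why the reply asks for at least 128 bits per reseed.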
