Charles Jackson wrote: > > I probably should not be commenting, not being a real device guy. But, > variations in temperature and time could be expected to change SSD timing. > Temperature changes will probably change the power supply voltages and shift > some of the thresholds in the devices. Oscillators will drift with changes > in temperature and voltage. Battery voltages tend to go down over time and > up with temperature. In addition, in some systems the clock frequency is > purposely swept over something like a 0.1% range in order to smooth out the > RF emissions from the device. (This can give a 20 or 30 dB reduction in > peak emissions at a given frequency. There is, of course, no change in > total emissions.) > > Combine all of these factors, and one can envision the SSD cycles taking > varying numbers of system clock ticks and consequently the low order bits of > a counter driven by a system clock would be "random." However, one would > have to test this kind of entropy source carefully and would have to keep > track of any changes in the manufacturing processes for both the SSD and the > processor chip. > > Is there anyone out there who knows about device timing that can say more?
As a chip wonk, without addressing SSD operational timing directly how much a clock can change is dependent on the accuracy over a period of time sufficient to be off by one or more clocks, implying long counter chain timing - slow entropy accumulation at best. Worse still, the error value when compared to an outside clock source would tend to be at a fixed rate, although you see minor variations based on temperature and voltage. The same things that make power analysis a valid attack also influence temperature and voltage. I'd expect you could manipulate second order effects by how the system is operated. Other than effects on frequency, temperature and voltage affect switching thresholds which can cause variability in delay in particular when crossing clock domains. These threshold delays can be strongly correlated. Dithered clocks are intended to only fool spectrum analyzers measuring peak power and are not based on entropy or second order effects. A PLL feedback pattern is typically masked by applying the output of a counter and look up table or combinatoric circuit. There is no disparity generated long term in clock high and low bauds, the counter makes the dithering periodic. Think short PRNG cyclically applying clock edge offsets and hitting all the positive and negative offsets equally. The two don't strike me as sufficient to construct an adequate ergodic system. Using a HDD as an 'entropy' source is based on operating an ergodic system where the preceding state is not readily predictable. The variability is based in part on sectors and cylinders, angular velocity, disk position and head position. All that variability can collapse in an SSD. Trying to rely on remaining secondary effects for loss of predictability could be countered by eliminating or reducing them. We design systems to not be readily influenced by secondary effects in the first place. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
