On Wed, Nov 24, 2010 at 2:16 PM, Marsh Ray <[email protected]> wrote:
> ...
> So are you saying it is or it isn't Cloud-Compliant?

hah, i rant at length on the mistaken security assumptions of cloud
computing. (remember when it was grid computing?, and before that ...)
i'll try to stay on topic. *grin*

> What frequency are these oscillators? Does it change with voltage?
> Temperature? External RF sources? Other (possibly malicious) activity on the
> chip? How much does it vary with manufacturing process or across individual
> samples? Too much? Too little?

in the case of a Padlock engine the hwrng implementation uses three
450-810MHz free wheeling oscillators that are adjusted via a "bias"
control, and a sampling oscillator running at 20-68 MHz.

i tend to run these at full bias but originally they intended a
measured setting coupled to the von Neumann whitener with a much more
meager sampling of bits.

the key factor is speed. in a conservative low bias, whitened mode you
can get a fraction of a Mbit/sec throughput but in a wide open (to be
masked and mixed) configuration with dual sources this exceeds
100Mbit/sec easily.

the full details are here:
http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/evaluation_summary_padlock_rng.pdf

the Intel RNGs are not actually on die, and i haven't been able to
find technical details of the SPARC T3 N2RNG implementation. perhaps
worth a follow up on Travis's RNG list...

> Can they be measured externally?

sure, if you've got the equipment. :)

> What's the GCD of their frequencies?
> Can they interact (e.g., over the power bus)? What prevents them from
> drifting a bit and synchronizing to a nearby fixed ratio?

the cryptography research paper goes into details, and to some extent
this isn't a concern if you are properly masking your hwrng output
prior to mixing/use. just be sure you adjust entropy density
accordingly.

> Many chips have some A/D inputs, some have thermometers, etc. Most all have
> some external hardware interrupts and reasonably-fast clocked internal
> counters.
> Given all that, it's hard to explain how cosmic radio noise is
> more of a "physical process" than the timing of network packets.

it's about throughput. you can certainly use these sources for entropy
gathering, but the accumulation rate is slowww compared to 100Mbit/sec
or more with a hwrng designed for the purpose.

> In the end it's hard to convince the unconverted that you have something
> meaningfully better than what you could get from a pure software approach
> (interrupt timing, etc).

indeed. especially when there are so many other, more problematic
details to get correct to actually *make use* of strong entropy
sources effectively. like the Debian OpenSSL patch, it just takes one
weak link...

> Crypto enthusiasts seem to have a particular fascination with entropy
> gathering and PRNGs for some reason. Perhaps that's because it appears to be
> a relatively easy thing to get experiment with, and quite practical to make
> something more or less impossible to break. Most of the time we spend our
> efforts trying to eliminate the effects of entropy in our systems, it's fun
> to think about the opposite for a change.

probably true. i seem to care about it more than is reasonable :)

best regards,
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
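
The trade-off described in the message above, between the von Neumann whitened low-rate mode and feeding raw output to a mixer with a reduced entropy credit, as an added Python example that is not from the original post or from VIA. The biased bit source, the 0.8 bias, the `derate` factor and all function names are constructed assumptions, and a seeded software PRNG stands in for the hardware.

```python
import math
import random

def von_neumann(bits):
    """Von Neumann whitener: take non-overlapping pairs, emit the first bit of
    each unequal pair (01 -> 0, 10 -> 1) and discard 00 and 11."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]

def min_entropy_per_bit(bits):
    """Most-common-value estimate, -log2(max(p0, p1)). It sees bias only;
    correlated bits (e.g. oscillators locking to a fixed ratio) look fine to it."""
    if not bits:
        return 0.0
    p1 = sum(bits) / len(bits)
    return max(0.0, -math.log2(max(p1, 1.0 - p1)))

def entropy_credit(bits, derate=0.5):
    """Bits of entropy to credit when raw output is fed to a mixer unwhitened.
    derate is an assumed safety margin, not a value from the post."""
    return int(len(bits) * min_entropy_per_bit(bits) * derate)

def biased_source(n, p_one, seed):
    """Constructed stand-in for raw hwrng output: independent bits, P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def compare(n=100_000, p_one=0.8, seed=1):
    """Run both modes over the same constructed raw stream."""
    raw = biased_source(n, p_one, seed)
    white = von_neumann(raw)
    return {
        "raw_ones": sum(raw) / len(raw),
        "whitened_bits": len(white),
        "whitened_ones": sum(white) / len(white),
        "raw_entropy_credit": entropy_credit(raw),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:20s} {value}")
```

For independent input with P(1) = p the whitener yields about p(1-p) output bits per input bit, which is the throughput cost of the whitened mode; the raw mode keeps every bit but must credit the mixer with far less than one bit of entropy per input bit.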
