On 27/01/11 19:19, Steven Bellovin wrote: > > On Jan 27, 2011, at 8:37 45AM, Len Sassaman wrote: > >> On Wed, 26 Jan 2011, Thierry Moreau wrote: >> >>> 2) a host plus some H/W for true random source >> >> Speaking of hardware entropy sources, has anyone analyzed the Simtek >> Electronics Entropy Key (http://www.entropykey.co.uk/)? It's a USB dongle, >> recommended to me by several remailer operators. To quote the web site: >> >> "The Entropy Key contains two high-quality noise generators, and an ARM >> Cortex CPU that actively measures, checks and confirms all generated random >> numbers, before encrypting them and sending them to the server. It also >> actively detects attempts to corrupt or sway the device. It aims towards >> FIPS-140-2 Level 3 compliance with some elements of Level 4, including >> tamper-evidence, tamper-proofing, role-based authentication, and >> environmental attacks. If it detects that one of its two generators has >> failed, may be about to fail, or if it detects a physical attack, it will >> automatically shut down." >> >> I have to wonder how it is 2010 and this sort of hardware isn't a standard >> motherboard component, but if the Entropy Key dongle is sound, it's an >> affordable solution to this problem. >> > Because every time someone ships such a device, people on this list and their > colleagues start screaming that (a) you can never tell if it's working > correctly; (b) it's closed hardware so that you don't know what it *really* > does; (c) that it's actually an NSA plot to start with. All the while, of > course, they're ignoring that you can, at the least, mix in as an additional > source of randomness, assuming you have good mixer -- and if you don't, your > other sources of randomness aren't being used properly, either. > > Yes, my cynicism is showing today.
My opinions exactly. Hence the request for openness regarding the firmware source. Just testing the hardware won't mean anything, it may catch a horrible design, but not something designed by the NSA. Best, Ray -- Rayservers http://www.rayservers.com/ Zurich: +41 43 5000 728 London: +44 20 30 02 74 72 Panama: +507 832 1846 San Francisco: +1 408 419 1978 USA Toll Free: +1 888 265 5009 10:00 - 24:00 GMT We prefer to be paid in gold Globals™ and silver Isles™ Global Standard™ - Global Settlement Foundation http://www.global-settlement.org/ Our PGP key 0x079CCE10 on http://keyserver.rayservers.com/ _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
