Re: Use of TPM chip for RNG?
Peter Gutmann wrote:

> You have to be pretty careful here. Most of the TPM chips are just rebadged smart cards, and the RNGs on those are often rather dubious. A standard technique is to repeatedly encrypt some stored seed with an onboard block cipher (e.g. DES) as your RNG. Beyond the obvious attacks (DES as a PRNG isn't particularly strong) there are the usual paranoia concerns (how do we know the manufacturer doesn't keep a log of the seed and key?) and stupidity concerns (all devices use the same hardwired key, which some manufacturers have done in the past). There are also active attacks possible, e.g. request values from the device until the EEPROM locks up, after which you get constant random values. Finally, some devices have badly-designed challenge-response protocols that give you an infinite amount of RNG output to analyse, as well as helping cycle the RNG to lockup.

One of the issues for a long time for that class of chips is whether on-chip key-gen and/or supported DSA (and/or ECDSA) were in use ... processes where a reasonably good RNG is integral to the operation.

At one point there were tests for a collection of chips in that class that performed 65k power-cycle/RNG operations and found that something like 30 percent of the numbers were repeated.

However, at least some of the TPM chips have RNGs that have some level of certification (although you might have to do some investigation to find out what specific chip is being used for TPM).

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Use of TPM chip for RNG?
On 7/3/06, Leichter, Jerry [EMAIL PROTECTED] wrote:

> You're damned if you do and damned if you don't. Would you want to use a hardware RNG that was *not* inside a tamper-proof package - i.e., inside of a package that allows someone to tamper with it?

Yes. If someone has physical access to your equipment, they could compromise it. On the other hand, if you have access to it, you can establish a baseline and check it for changes. I recall the book titled Computer Security by Carroll suggested taking polaroids of all your equipment, and from each window, and other even more paranoid things. As a non-sequitur, in the first edition, he had the following wonderful quote on the dust jacket: ``Computer crime has become the glamor crime of the 1970s...'' Perhaps he was a bit ahead of his time.

> A spiked RNG of the kind you describe is at least somewhat fixable: Choose a fixed secret key and encrypt the output of the generator with the key before using it ... nor do you have to fix it for good.)

Were you to periodically take the output of the generator and use it as a new key, you would have something remarkably similar to the fortuna and yarrow PRNGs. If you don't do something like that, you have cycle lengths equal to your input's cycle length, which for the designs we've been discussing, is fixed, so pretty easy to distinguish from random (assuming you have access to enough output).

--
Resolve is what distinguishes a person who has failed from a failure.
Unix guru for sale or rent - http://www.lightconsulting.com/~travis/ -- GPG fingerprint:
9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
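The cycle-length point in the exchange above, as an added example that is not code from the thread or from either poster. A "spiked" device is modelled as a generator whose state is a tiny counter, so its output repeats with a known period; the on-board block cipher is stood in for by HMAC-SHA256 truncated to 16 bytes, and the device key, whitening key, period (37) and re-key interval (8) are all invented. The example goes one step beyond the text: it contrasts two ways of re-keying. Taking a raw source block as the new key makes the key a function of the source phase alone, so the whitened output is still periodic (lcm of the two periods). Deriving the new key from the old key and the latest output, the way Fortuna/Yarrow fold new material into existing state, makes the whitener's state accumulate the whole history, and no cycle is seen.

```python
"""
Whitening a 'spiked' hardware RNG with a fixed key versus re-keying.

Added example, not code from the thread. The on-board block cipher is stood
in for by HMAC-SHA256 truncated to 16 bytes; the device key, the whitening
key and the periods are invented for the demonstration.
"""
import hashlib
import hmac
from typing import Iterator, List, Optional

BLOCK = 16


def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for E_K(data) on a 128-bit block cipher."""
    return hmac.digest(key, data, hashlib.sha256)[:BLOCK]


def spiked_source(period: int, device_key: bytes = b"hardwired-key") -> Iterator[bytes]:
    """Model of a card RNG that re-encrypts a stored seed under a fixed key:
    its state is tiny, so its output repeats with the given period."""
    i = 0
    while True:
        yield prf(device_key, b"seed" + (i % period).to_bytes(4, "big"))
        i += 1


def fixed_key_whitener(source: Iterator[bytes], key: bytes) -> Iterator[bytes]:
    """Encrypt every block under one fixed secret key (the period is preserved)."""
    for block in source:
        yield prf(key, block)


def naive_rekey_whitener(source: Iterator[bytes], key: bytes, every: int) -> Iterator[bytes]:
    """Every `every` blocks the latest *raw* block becomes the key. The key is then
    a function of the source phase alone, so the output is still periodic."""
    for n, block in enumerate(source):
        if n and n % every == 0:
            key = block
        yield prf(key, block)


def chained_rekey_whitener(source: Iterator[bytes], key: bytes, every: int) -> Iterator[bytes]:
    """Every `every` blocks the key becomes a PRF of the old key and the latest
    output, so the whitener's state accumulates its whole history."""
    for n, block in enumerate(source):
        out = prf(key, block)
        yield out
        if (n + 1) % every == 0:
            key = prf(key, out)


def take(gen: Iterator[bytes], n: int) -> List[bytes]:
    return [next(gen) for _ in range(n)]


def find_period(blocks: List[bytes]) -> Optional[int]:
    """Smallest p with which the second half of the sequence repeats (the first
    half is skipped so a start-up transient cannot hide a cycle); None if none."""
    tail = blocks[len(blocks) // 2:]
    for p in range(1, len(tail) // 2):
        if tail[p:] == tail[:-p]:
            return p
    return None


def demo(period: int = 37, every: int = 8, n: int = 1500) -> dict:
    key = b"fixed-secret-key"
    return {
        "raw": find_period(take(spiked_source(period), n)),
        "fixed_key": find_period(take(fixed_key_whitener(spiked_source(period), key), n)),
        "naive_rekey": find_period(take(naive_rekey_whitener(spiked_source(period), key, every), n)),
        "chained_rekey": find_period(take(chained_rekey_whitener(spiked_source(period), key, every), n)),
    }


if __name__ == "__main__":
    for name, p in demo().items():
        print(f"{name:14s} period = {p}")
```

With the invented parameters the raw source and the fixed-key whitener both show period 37, the naive re-key shows period 296 (lcm of 37 and 8), and the chained re-key shows no repetition in 1500 blocks. None of this adds entropy: an attacker who knows the device key and the initial whitening key can still reproduce every variant, which is why the whitening key has to be secret and why the device output should not be the only input.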
Re: Use of TPM chip for RNG?
On 7/2/06, Peter Gutmann [EMAIL PROTECTED] wrote:

> You have to be pretty careful here. Most of the TPM chips are just rebadged smart cards, and the RNGs on those are often rather dubious.

My last email of the day, I promise ;-)

And if you're interested in some of the smart card developments, you might want to check out these proceedings:

http://www.usenix.org/publications/library/proceedings/smartcard99/technical.html
http://www.usenix.org/publications/library/proceedings/cardis02/tech.html

--
Resolve is what distinguishes a person who has failed from a failure.
Unix guru for sale or rent - http://www.lightconsulting.com/~travis/ -- GPG fingerprint:
9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Re: Quantum RNG (was: Use of TPM chip for RNG)
About RNG, does someone in the list have any comment, ideas on this

http://www.idquantique.com/products/quantis.htm

Quantis is a physical random number generator exploiting an elementary quantum optics process. Photons - light particles - are sent one by one onto a semi-transparent mirror and detected. The exclusive events (reflection - transmission) are associated to 0 - 1 bit values.

Just curious of your opinion.

Andrea

--
Andrea Pasquinucci [EMAIL PROTECTED]
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2
Re: Use of TPM chip for RNG?
Travis H. wrote:

> http://www.usenix.org/publications/library/proceedings/smartcard99/technical.html
> http://www.usenix.org/publications/library/proceedings/cardis02/tech.html

and even this ... having to resort to the wayback machine

http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html

includes mention of the yes card attack (end of last paragraph). However, the yes card attack is really an attack on the terminals (and the infrastructure implementation) ... not on cards.

A few posts discussing yes card:

http://www.garlic.com/~lynn/aadsm24.htm#1 UK Detects Chip-AND-Pin Security Flaw
http://www.garlic.com/~lynn/aadsm24.htm#14 Naked Payments IV
Re: Use of TPM chip for RNG?
| On 7/3/06, Leichter, Jerry [EMAIL PROTECTED] wrote:
| You're damned if you do and damned if you don't. Would you want to use a
| hardware RNG that was *not* inside a tamper-proof package - i.e., inside
| of a package that allows someone to tamper with it?
|
| Yes. If someone has physical access to your equipment, they could
| compromise it. On the other hand, if you have access to it, you can
| establish a baseline and check it for changes.

This assumes an odd definition of tamper-proof: I can't look inside, but the bad guys can change it without my knowing. There are such things around - all too many of them; your typical Windows PC, for most people, is a great exemplar of the class - but no one describes them as tamper-proof. Tamper-proof means that *no one* can change the thing. Obviously, this is a matter of degree, and tamper-resistant is a much better description. But there are devices considered tamper-resistant against very well-funded, very technologically adept adversaries.

| I recall the book
| titled Computer Security by Carroll suggested taking polaroids of
| all your equipment, and from each window, and other even more paranoid
| things

which is yet another issue, that of tamper-evident design. If your design isn't tamper-evident - which again is a matter of degree - it's unlikely your pictures will do you much good against even a moderately sophisticated attacker. With physical access and no tamper evidence, a couple of minutes with a USB stick is all that's necessary to insert some rather nasty code, which you have little hope of detecting, whether by physical or software means.

-- Jerry
Re: Quantum RNG
Andrea Pasquinucci wrote:

> http://www.idquantique.com/products/quantis.htm
>
> Quantis is a physical random number generator exploiting an elementary quantum optics process. Photons - light particles - are sent one by one onto a semi-transparent mirror and detected. The exclusive events (reflection - transmission) are associated to 0 - 1 bit values.
>
> Just curious of your opinion.

This is discussed at http://www.av8n.com/turbid/paper/turbid.htm#sec-hrng-attack

Quantum processes are in some very narrow theoretical sense more fundamentally random than other sources of randomness, such as thermal noise ... but they are not better in any practical sense. The basic quantum process is less sensitive to temperature than a purely thermal process ... but temperature dependence is easily accounted for in any practical situation, and -- more importantly -- there are all sorts of other practical considerations (such as detector dead-time issues) that make real quantum detectors far from ideal.

The devil is in the details, and obtaining the raw data from a quantum process is nowhere near necessary and nowhere near sufficient to make a good randomness generator.

I have no idea whether the quantis generator got the devilish details right ... but in any case, there are easier ways to make a generator that is just as good, or better. For details, see http://www.av8n.com/turbid/paper/turbid.htm
Re: Quantum RNG (was: Use of TPM chip for RNG)
On 7/4/06, Andrea Pasquinucci [EMAIL PROTECTED] wrote:

> About RNG, does someone in the list have any comment, ideas on this
> http://www.idquantique.com/products/quantis.htm

Why? Noise-based RNGs are just as random and just as quantum. :)

--
Taral [EMAIL PROTECTED]
You can't prove anything. -- Gödel's Incompetence Theorem
Irish eVoting Vetoed
The Irish government's commission's report on the NEDAP/Powervote system has been published. (PDFs on the site)

http://www.cev.ie/htm/report/download_second.htm

As a secure system, it leaves a lot to be desired and it seems to be an example in how not to implement an eVoting system. Just reading the report, I am beginning to wonder which has more holes - a lump of activated charcoal or this eVoting system.

Regards...jmcc
Re: Use of TPM chip for RNG?
Peter Gutmann wrote:

> [EMAIL PROTECTED] (Hal Finney) writes:
>
>> A few weeks ago I asked for information on using the increasingly prevalent built-in TPM chips in computers (especially laptops) as a random number source.
>
> You have to be pretty careful here. Most of the TPM chips are just rebadged smart cards, and the RNGs on those are often rather dubious. A standard technique is to repeatedly encrypt some stored seed with an onboard block cipher (e.g. DES) as your RNG. Beyond the obvious attacks (DES as a PRNG isn't particularly strong) there are the usual paranoia concerns (how do we know the manufacturer doesn't keep a log of the seed and key?) and stupidity concerns (all devices use the same hardwired key, which some manufacturers have done in the past). There are also active attacks possible, e.g. request values from the device until the EEPROM locks up, after which you get constant random values. Finally, some devices have badly-designed challenge-response protocols that give you an infinite amount of RNG output to analyse, as well as helping cycle the RNG to lockup.

Glad to see some new information in a thread that is otherwise giving me a huge sense of deja vu. So ... where are these rebadged smartcards deployed? Who rebadges them?

> So the only hardware RNG I'd trust is one of the noise-based ones on full-scale crypto processors like the Broadcom or HiFn devices, or the Via x86's. There are some smart-card vendors who've tried to replicate this type of generator in a card form-factor device, but from what little technical info is available about generators on smart cards it seems to be mostly smoke and mirrors.
>
> (As an extension of this, the lack of access to a TPM's RNG isn't really any great loss. If it's there, you can mix it opportunistically into your own RNG, but I wouldn't rely on it).

+1.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.links.org/

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
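Two things in this thread lend themselves to a concrete check: the failure modes described so far (Gutmann's EEPROM lockup that turns the output constant, and Lynn Wheeler's 65k power-cycle test that found some 30 percent of values repeated) and Gutmann's advice, endorsed above, to mix a TPM's RNG in opportunistically without relying on it. The following is an added example, not code from the thread or from any TPM vendor. The three simulated devices, the sample size and thresholds, and the hash-based pool are invented for the demonstration; a real deployment would size the sample and thresholds to the device's documented output rate, and would run the checks continuously rather than once.

```python
"""
Sanity-checking a TPM/card RNG and mixing it in without relying on it.

Added example, not from the thread. The three simulated devices, the
thresholds and the pool construction are invented for the demonstration;
a real deployment would size the sample and thresholds to the device.
"""
import hashlib
import os
from typing import Iterable, List, Tuple

BLOCK = 16


def repetition_rate(samples: List[bytes]) -> float:
    """Fraction of samples that duplicate an earlier sample (the 30-percent case)."""
    return 1.0 - len(set(samples)) / len(samples) if samples else 0.0


def longest_run(samples: List[bytes]) -> int:
    """Longest run of identical consecutive samples (a locked-up device shows a huge one)."""
    best = run = 0
    prev = None
    for s in samples:
        run = run + 1 if s == prev else 1
        best = max(best, run)
        prev = s
    return best


def health_check(samples: List[bytes], max_repeat_rate: float = 0.001, max_run: int = 4) -> bool:
    """For 128-bit outputs any duplicate within a few thousand samples is already
    damning; these thresholds are deliberately lenient."""
    return repetition_rate(samples) <= max_repeat_rate and longest_run(samples) <= max_run


def mix(sources: Iterable[bytes], label: bytes = b"pool-v1") -> bytes:
    """Hash all sources together, length-prefixed so one source cannot alias
    another; the result is unpredictable if any one input is."""
    h = hashlib.sha256(label)
    for chunk in sources:
        h.update(len(chunk).to_bytes(4, "big"))
        h.update(chunk)
    return h.digest()


def seed_from_sources(os_entropy: bytes, tpm_samples: List[bytes]) -> Tuple[bytes, bool]:
    """Opportunistic use of the TPM: its output is always folded in (it cannot hurt),
    but the caller should credit it as entropy only when the flag is True."""
    healthy = health_check(tpm_samples)
    return mix([os_entropy, b"".join(tpm_samples)]), healthy


# Three constructed devices standing in for what the thread describes.
def good_device(n: int) -> List[bytes]:
    return [os.urandom(BLOCK) for _ in range(n)]


def locked_up_device(n: int, lock_after: int = 100) -> List[bytes]:
    """EEPROM lockup: fresh values, then the same value forever."""
    stuck = os.urandom(BLOCK)
    return [os.urandom(BLOCK) for _ in range(lock_after)] + [stuck] * (n - lock_after)


def tiny_state_device(n: int) -> List[bytes]:
    """Each power-cycle seeds from only 8 bits of state: 256 possible outputs."""
    return [hashlib.sha256(b"dev" + os.urandom(1)).digest()[:BLOCK] for _ in range(n)]


if __name__ == "__main__":
    for name, dev in [("good", good_device), ("locked", locked_up_device), ("tiny", tiny_state_device)]:
        s = dev(2000)
        print(f"{name:7s} repeat={repetition_rate(s):.3f} run={longest_run(s):4d} ok={health_check(s)}")
```

The point of the length prefix in mix() is that a device producing, say, an empty or constant block cannot make two different input sets hash to the same pool value; and because the OS entropy is always present, a TPM that has locked up changes nothing about the pool's unpredictability. Passing the check says only that the device is not obviously broken; it says nothing about whether the vendor logs seeds or whether the design is a deterministic generator with a weak input, which is the subject of the next two messages.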
Re: Use of TPM chip for RNG?
On Mon, Jul 03, 2006 at 10:41:05AM -0600, Anne Lynn Wheeler wrote:

> however, at least some of the TPM chips have RNGs that have some level of certification (although you might have to do some investigation to find out what specific chip is being used for TPM).

See one of the examples in my other message today in this thread (subject changed as an aid to new readers) for an example of why you should *not* trust such certifications as evidence that the RNG is any good.

Summary: I have encountered one such RNG that was FIPS-140 certified as a Deterministic RNG but whose hardware inputs the vendor refused to disclose, which I find extremely suspicious. It is possible to get a DRNG certified without careful analysis of what its input is; I have personally seen this happen and heard of more instances even after NIST gave specific guidance to the contrary.

--
Thor Lancelot Simon [EMAIL PROTECTED]
We cannot usually in social life pursue a single value or a single moral aim, untroubled by the need to compromise with others. - H.L.A. Hart
Dirty Secrets of noise based RNGs
On Mon, Jul 03, 2006 at 02:31:10PM +1200, Peter Gutmann wrote:

> So the only hardware RNG I'd trust is one of the noise-based ones on full-scale crypto processors like the Broadcom or HiFn devices, or the Via x86's. There are some smart-card vendors who've tried to replicate this type of generator in a card form-factor device, but from what little technical info is available about generators on smart cards it seems to be mostly smoke and mirrors.

Do you actually know of publicly available documentation on the design and implementation of *any* of these noise based RNGs? I have spent some time looking, and I do not. Here is what I do know:

1) There's one exception: Hifn documents the RNG used on their 65xx and can, upon request, provide documentation on exactly how the version on the common 79xx chips differs from this design. They also provide a fairly good analysis (practical and theoretical) of the design's strength. BUT

2) Hifn used to make this documentation publicly available but access to it now requires permission from Hifn sales -- it has been password protected on their public web site. In other words, after years of design wins based on little but open-source friendliness (after all, Hifn's chips are no faster, often slower, than others', and notoriously buggy) they are now, at least on this issue, biting the hand that feeds them.

3) Broadcom makes no RNG documentation, much less analysis, publicly available. If you're using their RNG without NDA documentation that may or may not even exist, it's on a "trust us...really!" basis.

4) Neither does any other crypto vendor for whose products open-source drivers are available, AFAICT.

5) Some general-purpose CPU and motherboard chipset vendors include RNGs in their product. Intel used to do so, and had a very good analysis of their product available. But then they muddied the water by making it impossible to tell which chips had real RNGs on them and which just had junk registers sampling who knows what -- probably bus noise in some cases. And they now call the RNG product "end of life". AMD has an RNG on their host chipset for Opteron, as they did on their last server chipset for Athlon MP. But they do not document how it works nor provide any analysis of its strength. I have not had time to investigate the situation vis-a-vis VIA. I am told it's somewhat better, but I was told the Broadcom stuff was trustworthy, too, and then I found out that the person who said so did not really have documentation either!

6) I have run into one implementation of an RNG on a crypto processor from a major vendor that is actually clearly, once one reads between the lines of its documentation, an X9.31 Deterministic RNG using the symmetric crypto functionality of the chip. The vendor's documentation is silent as to what the actual entropy source is, and they *did not respond to a direct inquiry* on the subject. This product is FIPS-140 certified; but it was clearly designed *only* to pass certification, and for obvious reasons, you should not trust it! A good FIPS-140 test lab should follow the guidance from NIST that the input source to the D. RNG must not contain less entropy than the output. But it is possible to sneak almost anything past a test lab if you're crafty about it, and this vendor's refusal to disclose to a high-volume customer where the input bits come from is really scary.

These all add up to "vendors are doing things with their 'noise-based' RNGs that should *really* scare you". If you are specifying such a RNG for deployment, and you have any leverage over the vendor who makes it, I strongly urge you to make disclosure of how it works, including any analysis they've done, a condition of your use of their product. The Intel and Hifn white papers are good examples of what *every* vendor should be willing to publicly disclose, if their RNG design does not give them something to hide.

--
Thor Lancelot Simon [EMAIL PROTECTED]
We cannot usually in social life pursue a single value or a single moral aim, untroubled by the need to compromise with others. - H.L.A. Hart
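Why the input to a deterministic RNG matters more than its certificate, as an added example illustrating point 6 above and the summary in the previous message; this is not code from the thread and does not model any named vendor's product. It implements the textbook X9.31 state update (I = E_K(DT); R = E_K(I xor V); V = E_K(I xor R)), with the block cipher stood in for by HMAC-SHA256 truncated to 16 bytes. The assumption being demonstrated is an undisclosed hardware input of only 16 bits of entropy from which both K and V are stretched; that model, the derivation function and the seed value are invented. The output passes a monobit check, which is the kind of statistical evidence a certification exercises, yet an attacker who has read between the lines of the documentation needs only two observed output blocks and a 2^16 enumeration to recover the state and predict every later block.

```python
"""
An X9.31-style deterministic RNG with an undisclosed, low-entropy input.

Added example, not from the thread or from any vendor's product. The block
cipher is stood in for by HMAC-SHA256 truncated to 16 bytes, and the
'hardware input' being a 16-bit sample from which both K and V are
stretched is an invented model of the device the post describes.
"""
import hashlib
import hmac
from typing import List, Optional, Tuple

BLOCK = 16


def enc(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K(block)."""
    return hmac.digest(key, block, hashlib.sha256)[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class X931:
    """Textbook X9.31 update: I = E_K(DT); R = E_K(I xor V); V = E_K(I xor R); DT += 1."""

    def __init__(self, key: bytes, v: bytes, dt: int = 0) -> None:
        self.key, self.v, self.dt = key, v, dt

    def next_block(self) -> bytes:
        i = enc(self.key, self.dt.to_bytes(BLOCK, "big"))
        r = enc(self.key, xor(i, self.v))
        self.v = enc(self.key, xor(i, r))
        self.dt += 1
        return r


def derive_state(entropy_input: int) -> Tuple[bytes, bytes]:
    """Vendor-style 'seeding' (invented): K and V both stretched from one 16-bit
    hardware sample, i.e. an input with far less entropy than the output."""
    raw = hashlib.sha256(b"seed" + entropy_input.to_bytes(2, "big")).digest()
    return raw[:BLOCK], raw[BLOCK:]


def monobit_fraction(data: bytes) -> float:
    """The kind of statistical check the output passes regardless of seed quality."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def recover_state(observed: List[bytes], dt0: int = 0) -> Optional[Tuple[int, X931]]:
    """Attacker: enumerate all 2^16 seeds and keep the one reproducing the observed
    blocks. On success the returned generator is synchronised with the victim."""
    for cand in range(1 << 16):
        key, v = derive_state(cand)
        g = X931(key, v, dt0)
        if all(g.next_block() == blk for blk in observed):
            return cand, g
    return None


def demo(hidden_input: int = 0x2A5C, blocks: int = 256) -> dict:
    key, v = derive_state(hidden_input)
    victim = X931(key, v)
    stream = [victim.next_block() for _ in range(blocks)]
    found = recover_state(stream[:2])  # two observed blocks (e.g. two IVs) suffice
    recovered_input, clone = found if found else (None, None)
    predicted = [clone.next_block() for _ in range(blocks - 2)] if clone else []
    return {
        "monobit": monobit_fraction(b"".join(stream)),
        "recovered_input": recovered_input,
        "predicted_rest": predicted == stream[2:],
    }


if __name__ == "__main__":
    print(demo())
```

The enumeration cost scales with the entropy of the input, not with the cipher's key size or the quality of the statistical tests: with a genuinely 128-bit input the same loop is hopeless, with 16 bits it finishes in well under a second. That is exactly why the disclosure the post asks for, of where the input bits come from and how much entropy they carry, is the question to put to the vendor.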