Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/26/15, Kevin kevinsisco61...@gmail.com wrote:
> Are we talking about entropy taken from hard drive turbulence, the keyboard or mouse, heat decay, or what?
> ...
> requiring nothing but a timer (ideally, the CPU timestamp counter)

for comparison, i run XSTORE on a 1 GHz Padlock-enabled processor at 100 Mbps. better than nothing, but not close to an actual hw entropy system.

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/25/15, Russell Leidich pke...@gmail.com wrote:
> ...
> Enranda is a cryptographically secure (in the postquantum sense) true random number generator requiring nothing but a timer (ideally, the CPU timestamp counter). It produces roughly 4 megabytes of noise per second, which puts it in the same bandwidth league as physical quantum dot entropy sources (from camera pixel noise).

Russell, these claims are laughable and unsupported in ways you don't even understand.

others may provide constructive criticism, as you seem sincere in your desire for building useful entropy collection. but this solution is worse than nothing, as it provides absurd claims of false security.

best regards,
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/25/2015 11:01 PM, Russell Leidich wrote:
> As announced here in the original Jytter blog: http://jytter.blogspot.com
>
> It has been a long 3 years since Jytter was released. Enranda is now available for download, analysis, and criticism. It's open source with awesome licensing terms, courtesy of Tigerspike: http://tigerspike.com
>
> Enranda is a cryptographically secure (in the postquantum sense) true random number generator requiring nothing but a timer (ideally, the CPU timestamp counter). It produces roughly 4 megabytes of noise per second, which puts it in the same bandwidth league as physical quantum dot entropy sources (from camera pixel noise). It would be easy to reach much higher bandwidths by reading the timer in a tight loop while feeding it into a PRNG, but probably not safely so. The documentation goes to considerable lengths to explain this assertion.
>
> If you can demonstrate that Enranda is biased in a measurable way, or simply buggy, then you rock.
>
> You can get the commandline demo, the documentation, and even a text capture of the live demo at: http://enranda.blogspot.com
>
> By the way, Enranda's hardness is based in part on Dyspoissometer, a new statistical analysis package focussed on measuring dyspoissonism, that is, the extent to which a discrete set deviates from what we would asymptotically consider to be a Poisson distribution. You can get the demo, the documentation, and a demo capture at: http://dyspoissonism.blogspot.com
>
> May your ideas be random!
>
> Russell Leidich

Are we talking about entropy taken from hard drive turbulence, the keyboard or mouse, heat decay, or what?
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/26/2015 2:01 PM, coderman wrote:
> On 5/25/15, Russell Leidich pke...@gmail.com wrote:
> > ...
> > Enranda is a cryptographically secure (in the postquantum sense) true random number generator requiring nothing but a timer (ideally, the CPU timestamp counter). It produces roughly 4 megabytes of noise per second, which puts it in the same bandwidth league as physical quantum dot entropy sources (from camera pixel noise).
>
> Russell these claims are laughable and unsupported in ways you don't even understand.
>
> others may provide constructive criticism, as you seem sincere in your desire for building useful entropy collection. but this solution is worse than nothing, as it provides absurd claims of false security.
>
> best regards,

And I did for one indeed question this system.
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/26/2015 1:46 PM, coderman wrote:
> On 5/26/15, Kevin kevinsisco61...@gmail.com wrote:
> > Are we talking about entropy taken from hard drive turbulence, the keyboard or mouse, heat decay, or what?
> > ...
> > requiring nothing but a timer (ideally, the CPU timestamp counter)
>
> for comparison, i run XSTORE on 1Ghz Padlock enabled processor at 100Mbps. better than nothing, but not close to an actual hw entropy system.

Got it. Don't know how I missed that.
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/26/15, coderman coder...@gmail.com wrote:
> ...
> others may provide constructive criticism, as you seem sincere in your desire for building useful entropy collection. but this solution is worse than nothing, as it provides absurd claims of false security.

speaking of,

"If you can demonstrate that Enranda is biased in a measurable way, or simply buggy, then you rock."

- how about a BTC bounty to show any amount of bias, even against local attacker sharing processor? then i'll at least write a longer reply :P

best regards,

a lover and hater of unpredictability and entropy, most of all when they diverge!
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
Hi coderman,

I would welcome your longer reply, which would surely interest others here, as well. For starters, how do you envision this BTC boundary attack occurring? And yes, it's totally legit to attack Enranda by executing a process on the same CPU, for example, in another terminal window on a single-CPU system. For that matter, what other attacks do you foresee?

I won't argue with your point about hardware TRNGs being superior to software ones. If you trust your chip vendor, then it all works just fine.

Russell Leidich

On Tue, May 26, 2015 at 7:47 PM, coderman coder...@gmail.com wrote:
> On 5/26/15, coderman coder...@gmail.com wrote:
> > ...
> > others may provide constructive criticism, as you seem sincere in your desire for building useful entropy collection. but this solution is worse than nothing, as it provides absurd claims of false security.
>
> speaking of,
>
> "If you can demonstrate that Enranda is biased in a measurable way, or simply buggy, then you rock."
>
> - how about a BTC bounty to show any amount of bias, even against local attacker sharing processor? then i'll at least write a longer reply :P
>
> best regards,
>
> a lover and hater of unpredictability and entropy, most of all when they diverge!
[cryptography] Timeline graphic of hacking attacks
http://RecentHacks.com

This new site has a timeline of hacking attacks (Target, Sony, Tesla, etc.). You can click on an attack and see a summary. It starts early 2013. Though it's a new site, I find it surprisingly useful -- both to recall what an attack was, and to get a feel for the range of attacks out there. Built by security jock Paul Chen.

Mike
Re: [cryptography] Timeline graphic of hacking attacks
On 26/05/2015 22:28 pm, Michael Nelson wrote:
> http://RecentHacks.com
>
> This new site has a timeline of hacking attacks (Target, Sony, Tesla, etc.). You can click on an attack and see a summary. It starts early 2013. Though it's a new site, I find it surprisingly useful -- both to recall what an attack was, and to get a feel for the range of attacks out there. Built by security jock Paul Chen.

That's a keeper, definitely gets a link on my CA history of threats:

https://wiki.cacert.org/Risk/History

Which lacks any sexy graphics.

iang
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/26/15, Krisztián Pintér pinte...@gmail.com wrote:
> i call bullshit on this one, just as i called bullshit on havege...

dakarand is the other to add to this set, as well as the high resolution timer based userspace rng daemon mods...

best regards,
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
i call bullshit on this one, just as i called bullshit on havege.

a proper hwrng always outputs the raw, unfiltered random bits, and an estimate of the entropy content. whitening is easy, and can be done various ways, it is not interesting. many times we don't even want whitening, because we already have an entropy accumulator arrangement, like linux /dev/random (whatever crap it is).

conclusions:
1, if your proposed method comes with a complex extractor, it is bullshit
2, if your method comes without a detailed analysis and measurements on the entropy content of the raw data, it is bullshit

for a start, where is your entropy coming from? it all comes from IRQs, otherwise the CPU runs quite predictably. it is already fishy to say that you can collect 4Mbit/s from IRQ alone. also it is very different on different platforms. embedded systems without user interaction tend to have less IRQ noise. where are the estimates? where are the calculations?

Russell Leidich (at Tuesday, May 26, 2015, 5:01:20 AM):
> Enranda is a cryptographically secure (in the postquantum sense) true random number generator requiring nothing but a timer (ideally, the CPU timestamp counter).
> http://enranda.blogspot.com
Re: [cryptography] Enranda: 4MB/s Userspace TRNG
On 5/26/15, Russell Leidich pke...@gmail.com wrote:
> ...
> I would welcome your longer reply,

you are patient and friendly in response to me, a jerk flinging opinions! i will send a longer response about my specific concerns for these types of entropy gathering when time permits - thank you for courtesy un-deserved!

> ...
> how do you envision this BTC...

Bounty, as in compensation for a successful attack in the form of digital currency :P no matter, i am compelled to delineate concerns and risks, as said above.

> And yes, it's totally legit to attack Enranda by executing a process on the same CPU, for example, in another terminal window on a single-CPU system. For that matter, what other attacks do you foresee?

i am glad the post-quantum hardness has constraints, regarding the rest, another tangent. as said above.

> I won't argue with your point about hardware TRNGs being superior to software ones. If you trust your chip vendor, then it all works just fine.

i trust them more if the design provides raw sample access and the observed entropy density, bias, failure modes, as observed over extended sanity and continuous run-checks on the sampled bit stream.

> ...
> CPU instructions

another tangent, which i've written about separately wrt RDRAND/RDSEED vs. XSTORE entropy sources.

best regards, and my apologies for first,
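Two posts in this thread ask the same thing of a timer-based source: Krisztián wants the raw, unwhitened samples together with a measured entropy estimate, and coderman wants raw sample access plus continuous run-checks on the sampled stream. The script below is an added example written for this page; it is not Enranda, Jytter or Dyspoissometer code and makes no claim about those tools. It reads a high-resolution timer in a tight loop, keeps the raw low bits of consecutive deltas with no whitening, and attaches two figures a reviewer would want: a min-entropy estimate per sample (a naive one beside the conservative most-common-value estimator from NIST SP 800-90B) and the SP 800-90B repetition count health test. It assumes `time.perf_counter_ns()` as a stand-in for the CPU timestamp counter, and the inputs used in the checks are constructed sequences.

```python
"""Raw-sample entropy estimate and health test for a timer-jitter source.

Added example, not Enranda/Jytter/Dyspoissometer code. Assumptions:
time.perf_counter_ns() stands in for the CPU timestamp counter, and the
sequences used for verification are constructed, not captured.
"""
import math
import time
from collections import Counter


def sample_timer_deltas(n, low_bits=8):
    """Read the high-resolution clock n+1 times back to back and return the
    low `low_bits` bits of each consecutive difference. No whitening: these
    are the raw samples a reviewer asks to see."""
    mask = (1 << low_bits) - 1
    stamps = [time.perf_counter_ns() for _ in range(n + 1)]
    return [(b - a) & mask for a, b in zip(stamps, stamps[1:])]


def point_min_entropy(samples):
    """Naive min-entropy per sample: -log2 of the most common symbol's
    observed frequency. Optimistic, because a short capture that happens
    to look uniform scores the full symbol width."""
    counts = Counter(samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)


def mcv_min_entropy(samples):
    """Most-common-value estimator in the style of NIST SP 800-90B 6.3.1:
    inflate the observed p_max to the upper end of a 99% confidence
    interval before taking -log2, so a small capture is penalised rather
    than trusted. Returns 0.0 for fewer than two samples."""
    n = len(samples)
    if n < 2:
        return 0.0
    p_hat = max(Counter(samples).values()) / n
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_upper)


def repetition_count_test(samples, h_min, alpha_bits=20):
    """Repetition count health test (SP 800-90B 4.4.1). Under a claimed
    h_min bits/sample, a run of cutoff = 1 + ceil(alpha_bits / h_min)
    identical samples has probability about 2**-alpha_bits, so such a run
    signals a stuck or degraded source. Returns (passed, longest_run, cutoff)."""
    if h_min <= 0:
        return False, len(samples), 1
    cutoff = 1 + math.ceil(alpha_bits / h_min)
    longest = run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return longest < cutoff, longest, cutoff


def analyze(samples):
    """Bundle the figures a reviewer asks for: sample count, naive and
    conservative min-entropy per sample, and the health-test verdict."""
    h_conservative = mcv_min_entropy(samples)
    passed, longest, cutoff = repetition_count_test(samples, h_conservative)
    return {
        "samples": len(samples),
        "h_point": point_min_entropy(samples),
        "h_mcv": h_conservative,
        "health_ok": passed,
        "longest_run": longest,
        "cutoff": cutoff,
    }


if __name__ == "__main__":
    # Live run on this machine. The numbers are one statistic from one capture;
    # a bits-per-second claim needs them repeated across platforms and load.
    report = analyze(sample_timer_deltas(100000))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The gap between `h_point` and `h_mcv` is the point of the exercise: the naive figure is what a demo tends to quote, the conservative one is what an entropy-rate claim has to survive, and the repetition count test is the kind of continuous run-check that catches a source going quiet (an idle embedded board with no IRQ noise, for instance) after the one-off analysis is done.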