On Saturday, December 19, 2015 12:22:23 AM Jacob wrote:
> A question to the experts:
> 
> I fully understand the trust gained by having a custom made external
> analog TRNG as we do here, but wouldn't it be better to XOR the bitstream
> received from our generator with the one embedded in the CPU(*)? I mean,
> if the CPU's TRNG is tainted, we will not be worse off, and if it is
> not, the board will probably exhibit higher security in case our
> generator would have some issues.
> 

In general, I believe you are right. If you have good entropy, even
XORing it with 0xff..ff won't reduce the entropy. However, there is a
special case where a malicious producer of the value(s) that will be
XORed into the stream is able to observe the other entropy stream.

So, if the STM32 RNG could actually observe the data read from the
external avalanche noise before returning data that will be XORed into
the stream from the external avalanche noise... it could actually
cancel out the entropy from the external source.

/Fredrik
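
The cases discussed in this exchange, as an added simulation that is not part of the original message or of any Cryptech code. All streams are constructed from a seeded PRNG as stand-ins (assumptions: `external` for the avalanche noise source, `weak_external` for a faulty external source, `honest_cpu` and `observing_cpu` for the on-chip RNG); the entropy figure is the empirical Shannon entropy of the byte histogram.

```python
import math
import random
from collections import Counter

def entropy_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return max(0.0, h)  # normalise -0.0 for a constant stream

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def run(n: int = 1 << 16, seed: int = 2015) -> dict:
    # Constructed sample streams: a seeded PRNG, for simulation only.
    rng = random.Random(seed)
    external = bytes(rng.getrandbits(8) for _ in range(n))       # good external source
    weak_external = bytes(rng.getrandbits(4) for _ in range(n))  # faulty: 4 bits per byte
    honest_cpu = bytes(rng.getrandbits(8) for _ in range(n))     # independent of external
    # Source that sees each external byte before answering and returns its complement.
    observing_cpu = bytes(b ^ 0xFF for b in external)
    return {
        "external": entropy_per_byte(external),
        # XOR with a fixed pattern is a bijection on bytes: entropy is unchanged.
        "external_xor_ff": entropy_per_byte(xor(external, b"\xff" * n)),
        "weak_external": entropy_per_byte(weak_external),
        # An independent good stream covers for the faulty external source.
        "weak_xor_honest": entropy_per_byte(xor(weak_external, honest_cpu)),
        # Looked at alone, the observing source's output appears uniform.
        "observer_alone": entropy_per_byte(observing_cpu),
        # Combined with the stream it observed, the output is a constant.
        "external_xor_observer": entropy_per_byte(xor(external, observing_cpu)),
    }

if __name__ == "__main__":
    for name, bits in run().items():
        print(f"{name:24s} {bits:6.3f} bits/byte")
```

In this simulation the observing source's own output is indistinguishable from the good stream by histogram, so checking the on-chip RNG in isolation does not reveal the dependence; only the combined output shows it.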

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
