On 12/19/2015 12:39 AM, Fredrik Thulin wrote:
On Saturday, December 19, 2015 12:22:23 AM Jacob wrote:
A question to the experts:
I fully understand the trust gained by having a custom made external
analog TRNG as we do here, but wouldn't it be better to XOR the bitstream
received from our generator with the one embedded in the CPU(*)? I mean,
if the CPU's TRNG is tainted, we will not be worse off, and if it is
not, the board will probably exhibit higher security in case our
generator would have some issues.
In general, I believe you are right. If you have good entropy, even XORing it
with 0xff..ff won't reduce the entropy. However, there is a special case where
a malicious producer of the value(s) that will be XORed into the stream is able
to observe the other entropy stream.

So, if the STM32 RNG could actually observe the data read from the external
avalanche noise before returning data that will be XORed into the stream from
the external avalanche noise... it could actually cancel out the entropy from
the external source.
/Fredrik
But if this is the case, then it means that the malicious observer has
control of the CPU, so all bets are off and nothing is secured.
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
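The special case Fredrik describes, as an added simulation that is not part of this thread or of the Cryptech code base. Everything in it is a stand-in: os.urandom plays the external avalanche-noise source, and the four "CPU RNG" callables model an honest on-chip generator, a tainted but non-adaptive one stuck at 0xff..ff, the adaptive one that sees the external bits before answering, and a blind attacker with the same goal but no view of the other stream. The function and parameter names are my own.

```python
"""XOR-combining an external TRNG with an on-chip RNG: honest, stuck, adaptive, blind.

Added example, not from the mailing-list thread. All sources are simulated.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine(external: bytes, cpu_rng) -> bytes:
    """Mix the external stream with the CPU RNG output by XOR.

    cpu_rng is handed the external bytes to model the dangerous case where the
    on-chip generator can observe the other stream before it answers. An
    honest generator simply ignores that argument.
    """
    return xor_bytes(external, cpu_rng(external))


def honest_cpu_rng(external: bytes) -> bytes:
    # Independent randomness; does not look at the external stream.
    return os.urandom(len(external))


def stuck_cpu_rng(external: bytes) -> bytes:
    # Tainted but non-adaptive: always 0xff..ff. XORing with a constant only
    # inverts the external bits, so no entropy is lost.
    return b"\xff" * len(external)


def make_adaptive_cpu_rng(target: bytes):
    """Adaptive attacker: returns external XOR target, so the mix equals target."""
    def rng(external: bytes) -> bytes:
        return xor_bytes(external, target[:len(external)])
    return rng


def make_blind_cpu_rng(target: bytes, guess: bytes):
    """Same goal, but without observing the external stream: must guess it."""
    def rng(external: bytes) -> bytes:
        return xor_bytes(guess[:len(external)], target[:len(external)])
    return rng


def run_scenarios(external: bytes, target: bytes, guess: bytes) -> dict:
    """Return the combined output of each scenario, keyed by name."""
    return {
        "honest": combine(external, honest_cpu_rng),
        "stuck": combine(external, stuck_cpu_rng),
        "adaptive": combine(external, make_adaptive_cpu_rng(target)),
        "blind": combine(external, make_blind_cpu_rng(target, guess)),
    }


if __name__ == "__main__":
    ext = os.urandom(16)                 # constructed sample of the external source
    tgt = bytes(16)                      # attacker wants an all-zero output
    out = run_scenarios(ext, tgt, guess=os.urandom(16))
    print("external ", ext.hex())
    for name, val in out.items():
        print(f"{name:9s}", val.hex())
```

Running it shows the "stuck" output is just the bitwise inverse of the external sample, the "adaptive" output is exactly the attacker's target regardless of what the external source produced, and the "blind" output misses the target because cancelling out a stream requires seeing it first. That observation is the whole difference between "XOR can never hurt" and the special case in the reply above.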