Hi Jacob and list,
sorry for the long delay (again), but anyway:
Jacob <ja...@edamaker.com> writes:
> I fully understand the trust gained by having a custom made external
> analog TRNG as we do here, but wouldn't be better to XOR the bitstream
> received from our generator with the one embedded in the CPU(*)?
The downside of such a setup is that you need to put some additional
effort into testing it; you can't simply run any sensible tests on the
XORed bitstream, so you need another way to make sure you detect a
hardware failure on the TRNG.
This actually brings back a couple thoughts I've come up with following
a discussion with Basil and Fredrik in Stockholm some time ago. Basil
reasoned there that even if the TRNG breaks there are use cases where we
should still provide "the best (pseudo) random output we can deliver at
that point", referring to some sort of high reliability scenario like an
in-flight failure aboard an aircraft.
If there's one thing I've learned from building redundant systems, then
it's that all redundancy is useless unless you can monitor reliably for
degradation. Or put another way: When do most people replace a
broken redundant power supply in a server? When the other one fails as
well.
Cheers,
Benedikt
PS: As of right now it looks like I'll be out of my current project some
time around April, so hopefully I can pick up work on the TRNG topic
again after that.
--
Benedikt Stockebrand, Stepladder IT Training+Consulting
Dipl.-Inform. http://www.stepladder-it.com/
Business Grade IPv6 --- Consulting, Training, Projects
BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
