Aloha!

Benedikt Stockebrand wrote:
> Hi Jacob and list,
>
> sorry for the long delay (again), but anyway:
>
> Jacob <ja...@edamaker.com> writes:
>
>> I fully understand the trust gained by having a custom made
>> external analog TRNG as we do here, but wouldn't it be better to XOR
>> the bitstream received from our generator with the one embedded in
>> the CPU(*)?

Having something that we don't have source code to bypass the whole TRNG chain and influence the final random number result is a no-no, at least to me. Using it as a third entropy source is ok.

The RNG in the CPU will also not provide nearly the same bitrate as the CSPRNG does so the XOR:ing would have to be done a bit more complex than a simple gate. Otherwise you would risk XOR:ing with the same value multiple times.

To me the basic question is if we would gain anything, and what the cost would be to get that? My gut feeling is that the answer is not much and too much work.

> The downside of such a setup is that you need to put some additional
> effort into testing it; you can't simply run any sensible tests on
> the XORed bitstream, so you need another way to make sure you detect
> a hardware failure on the TRNG.

The plan is to have on-line monitors for each entropy source that can detect at least severe brokenness. This would allow the system to disable broken entropy source hardware.

> This actually brings back a couple thoughts I've come up with
> following a discussion with Basil and Fredrik in Stockholm some time
> ago. Basil reasoned there that even if the TRNG breaks there are use
> cases where we should still provide "the best (pseudo) random output
> we can deliver at that point", referring to some sort of high
> reliability scenario like an in-flight failure aboard an aircraft.

As long as the output of the CSPRNG is ok, running without reseeding is possible for a pretty long time (which can be adjusted). If the CSPRNG generated bad random values, we should stop hard.

> Or put another way: When do most people replace a broken redundant
> power supply in a server? When the other one fails as well. ;-)

True.

-- 
With kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joac...@secworks.se
========================================================================
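
The two mechanisms discussed in this reply, sketched as an added example that is not Cryptech code: a per-source on-line monitor that disables a stuck source, and a mixer that never XORs the same sample from a slow source twice. The names `source_t`, `source_feed` and `mix` are hypothetical, the monitor is the repetition count test from NIST SP 800-90B (chosen here as one way to catch severe brokenness), and 8-bit samples with at least 4 bits of min-entropy are assumed.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumption: 8-bit samples carrying at least 4 bits of min-entropy each.
 * SP 800-90B repetition count cutoff for alpha = 2^-20: 1 + ceil(20/4) = 6. */
#define RCT_CUTOFF 6

typedef struct {
    uint8_t  last;    /* previous raw sample */
    unsigned run;     /* length of the current run of identical samples */
    int      enabled; /* cleared for good once the monitor fails */
    int      fresh;   /* 1 while 'sample' has not been mixed yet */
    uint8_t  sample;  /* most recent sample that passed the monitor */
} source_t;

void source_init(source_t *s)
{
    s->last = 0; s->run = 0; s->enabled = 1; s->fresh = 0; s->sample = 0;
}

/* Feed one raw sample through the monitor. Returns 1 if the source is
 * still enabled afterwards, 0 if it is (or already was) disabled. */
int source_feed(source_t *s, uint8_t x)
{
    if (!s->enabled) return 0;
    if (s->run > 0 && x == s->last) s->run++;
    else { s->last = x; s->run = 1; }
    if (s->run >= RCT_CUTOFF) { s->enabled = 0; s->fresh = 0; return 0; }
    s->sample = x;
    s->fresh = 1;
    return 1;
}

/* XOR together every enabled source that holds an unused sample and mark
 * those samples consumed, so a slow source is never mixed in twice.
 * Returns how many sources contributed; 0 means no new seed material. */
size_t mix(source_t *src, size_t n, uint8_t *out)
{
    size_t used = 0;
    *out = 0;
    for (size_t i = 0; i < n; i++) {
        if (src[i].enabled && src[i].fresh) {
            *out ^= src[i].sample;
            src[i].fresh = 0;
            used++;
        }
    }
    return used;
}
```

The monitor runs on each raw source before mixing, since statistical tests on the XORed stream would hide a single failed source.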