[onerng talk] RNG designs

ianG iang at iang.org
Sun Feb 2 11:21:05 GMT 2014


On 2/02/14 12:07 PM, Paul Campbell wrote:
> On Sun, 02 Feb 2014 21:49:51 Jim Cheetham wrote:
> 
>> But even if the RF stream delivers less than 1 bit of entropy per bit,
>> that doesn't really hurt us. It is still better than zero :-)
>>
>> If the diode circuit delivers a better result, is it really 'perfect'?
> 
> arguably yes  - the avalanches in the diode are triggered by quantum effects 
> .... it's the sampling of the resulting data that introduces the slight 1/0 
> difference 

Huh.  Sampling affects the distribution.  Nice!


> I think the main reasons for having multiple sources are more paranoia that 
> one of them might have been mucked with by a 3rd party than that two is 
> inherently better than one 


Yes, the active attacker paranoia is never far away, and an overreaction
is inevitable.

Rather than try and objectivise it away with mere science, we can use it
to our advantage.  Add multiple uncorrelated sources and let the users
benefit from all of them.


>> From reading of the Turbid documentation
>> (http://www.av8n.com/turbid/paper/turbid.htm#sec-hrng starts half-way
>> through) the hashing stage is what mitigates problems in the input. I
>> don't see that mixing all the sources into a single pool
>> (interleaving, xor-ing; does it matter which?) and then hashing them
>> before presenting them to the user can be a problem.
> 
> I don't think it is - but as Ian points out transparency is important since 
> that's our major goal here


The Intel instruction RDRAND has been roundly trashed by the paranoiac
community for that very reason -- it carefully whitens the noise through
AES, so nobody trusts it ain't a straight NSA-seeded PRNG.

Now, if it wasn't whitened and we could see the raw feed, does that mean
the spooks have futzed with the circuit?  At a first order analysis,
yes, because it "looks like" their original resistor design.

But look deeper and ask:  do the spooks have hardware designers (yes), do
they know what an FFT is (yes), do they have the best people in the world
(yes), do they have the incentive (yes), do they have the budget (yes), do
they have the access (yes), do they ....

So to some extent this is a scientific rabbit hole.  But we have to take
account of how the market is going to treat these rabbit holes...

Hence, the idea that we have feed 0 -- nicely mixed / CRC-whitened --
and all the other raw things.  Nice.



iang
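The "feed 0" arrangement discussed above (one mixed, whitened feed alongside the raw sources), as an added example that is not part of the original post or of the OneRNG project's own code: two constructed noise sources, one with a slight 1/0 skew standing in for a sampled diode and one unbiased standing in for RF, are combined both by XOR and by hashing the concatenation, and the raw feeds are kept available beside the mixed one. All names, the 0.52 bias figure, the block size, the use of SHA-256 rather than a CRC, and the "replayed source" are assumptions of the example, not anything the thread or the hardware specifies.

```python
import hashlib
import random

BLOCK = 64  # bytes pulled from each raw source per output block (assumed)


def sample_source(n_bytes, p_one, rng):
    """Constructed noise source: every bit is 1 with probability p_one.
    p_one=0.5 is unbiased; 0.52 imitates a sampled avalanche diode with a
    slight 1/0 skew. This is a stand-in, not real hardware data."""
    out = bytearray()
    for _ in range(n_bytes):
        b = 0
        for _ in range(8):
            b = (b << 1) | (1 if rng.random() < p_one else 0)
        out.append(b)
    return bytes(out)


def bit_bias(data):
    """Fraction of 1 bits: a cheap monobit sanity check on a raw feed."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def xor_mix(*feeds):
    """Mix by XOR. Fine for independent feeds, but a feed that is a copy of
    another cancels it out completely (the output collapses to zeros)."""
    out = bytearray(len(feeds[0]))
    for f in feeds:
        for i, b in enumerate(f):
            out[i] ^= b
    return bytes(out)


def hash_mix(*feeds, counter=0):
    """Mix by hashing the concatenation of all raw feeds, with a block
    counter and per-feed length framing. A duplicated or constant feed
    contributes nothing, but it cannot cancel another feed as XOR can."""
    h = hashlib.sha256()
    h.update(counter.to_bytes(8, "big"))
    for f in feeds:
        h.update(len(f).to_bytes(4, "big"))
        h.update(f)
    return h.digest()


def make_feeds(raw_sources, counter=0):
    """Expose feed0 (mixed) plus every raw source (raw1, raw2, ...) so a
    user can inspect the unwhitened inputs as well as the mixed output."""
    feeds = {"feed0": hash_mix(*raw_sources, counter=counter)}
    for i, src in enumerate(raw_sources, 1):
        feeds[f"raw{i}"] = src
    return feeds


def demo(seed=1):
    """Deterministic walk-through on constructed data."""
    rng = random.Random(seed)
    diode = sample_source(BLOCK, 0.52, rng)   # slightly skewed source
    rf = sample_source(BLOCK, 0.50, rng)      # independent, unbiased source
    replay = diode                            # adversarial copy of the diode feed
    return {
        "diode_bias": bit_bias(diode),
        "xor_good": xor_mix(diode, rf),
        "xor_cancelled": xor_mix(diode, replay),
        "hash_good": hash_mix(diode, rf),
        "hash_replay": hash_mix(diode, replay),
        "feeds": make_feeds([diode, rf]),
    }


if __name__ == "__main__":
    d = demo()
    print("diode monobit bias:", round(d["diode_bias"], 3))
    print("xor of diode+replay is all zero:", d["xor_cancelled"] == bytes(BLOCK))
    print("hash of diode+replay:", d["hash_replay"].hex())
    print("feeds exposed:", sorted(d["feeds"]))
```

The point the example makes is that XOR and hashing are not interchangeable once one source is correlated with another: XOR of a feed with a copy of itself is zero, whereas the hashed concatenation still carries whatever entropy the remaining feeds had. Keeping `raw1`, `raw2`, ... beside `feed0` is what lets a user run their own bias or spectral checks on the unwhitened streams.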


