[onerng talk] The world's (other) most secure TRNG

[Paul Campbell]

On Mon, 29 Sep 2014 22:15:06 Bill Cox wrote:
> Thanks for the tip.  I'll check them out.  I have to say, "Dirty PCB"?!?
> Geeks suck at names!

so it's another name for the guys who do Dangerous Prototypes 
http://dangerousprototypes.com/. It was a joke, Ian, one of the guys who runs 
it, lives in Shenzhen, he's been running these "how to be a western hardware 
hacker and live in Shenzhen" courses, I went to the first one he ran back in 
March  - part of the deal was that he ran a board for us each through his 
favourite prototype house, he set up a web site to manage it with a joke name 
while we were there at the course someone posted it to Hacker News, his phone 
went crazy ..... he's undercutting the other Chinese places we were buying 
from and now its a business - his cheap 'prototype' stuff works because they 
order ~11 and promise to order almost that much, some fail QA so sometime you 
get 9, sometimes 11 when normally you'd only need 1 or 2 anyway - having to 
make exactly 10 costs more

> Proto Advantage sells stencils and solder past syringes.  Frankly, I'm too
> old for this!

best to get steel stencils made when you get your boards made, I don't 
normally bother for small prototypes (just use a syringe) but at $25 a pop 
from DirtyPCB I'm starting to change to just ordering them every time ....

I've decided that getting older just means you have to keep reinventing 
yourself  every decade or so so you don't get stale - I lived in the Bay Area 
for 20 years and bounced between hardware and software, when the kids hit high 
school we moved back to NZ but I still work in the US for my day job - the 
whole board building thing is a side line, not making any money yet but a 
chance to do something different
 
> I'll take your word for it, but it saddens me.  I would hope our automation
> could compete with their cheap labor for board assembly.  

chances are they're using as much automation as you see in the US - at least 
for building boards (other sorts of assembly may be different) but there are 
parts of the Chinese  infrastructure  that can handle the sorts of piece work 
you're thinking of - I'm told that if you live there or have a good agent to 
work with 500 unit runs can be done economically - shipping is another area 
the have all over everyone else, even for small runs (all that putting stuff in 
little bags)

> I pick 1000 part
> prices not because I think I'll build that many, but because a successful
> project should blow that away.  If it's a good idea, then a thousand should
> not be a problem, and I don't mean TRNGs, but projects in general.  I'd
> hate to abandon a good idea because I read the 10-piece prices.  There were
> some prices with big breaks at 4,000, and I found it hard to resist putting
> that in my BOM.  Seriously, how big a dent can we make in the world with
> anything smaller than 4,000 units?

well 4000 of something surface mount (except maybe high end silicon) is 
probably a reel ... putting anything other than a reel on a pick and place 
machine is kind of a waste (and a pain), to sell you any less than a reel 
means your vendor (Mouser/Digikey) has to unspool a reel and cut it in pieces, 
and are stuck with part of a reel they might not be able to sell - that's why 
it costs so much more

When I was in Shenzhen I bought 50 reels of resistors for ~$2 each - 1/4 
million resistors, I'm going back over Xmas, I'll probably buy another 20-30 
reels (to cover the rest in the 0603 ranges that I don't have yet, and to 
double up on some common parts that I keep permanently on the P&P machine)
 
> One question: is it better to spend money on a completed surface-mount
> board for your prototype, trying to make it as close as possible to a real
> production board, or can we still do real prototypes, where we can try
> different capacitor values, for example?  Do we simply pay 10X more for
> each part to mount them on Proto Advantage surface-mount to DIP?

I've switched to all SMT prototypes - soldering surface mount is (mostly - 
QFNs are my bane) easy,  tweezers, magnification and a fine tipped soldering 
iron are a must, hot air rework is way more useful than you think

(I teach surface mount soldering to 13yr olds at the local makerspace, hand 
them some hot air and a soldering iron have them pull parts off and put them 
back on some old dead  board to get started - takes about an hour - we also 
sell a beginner's SMT kit http://www.moonbaseotago.com/kit1/ as a fundraiser)

> Sorry I'm effectively a noob again when it comes to building the
> prototypes...

no problem - I was there about 18 months ago :-)

> Why?  Injected noise is welcome.  It can only add entropy.  The real
> entropy comes from low level noise in the components, but power supply
> noise is still entropy worth adding to the pool, even if it is predictable
> and low bandwidth.

yeah but it's not really noise in the random sense - the stuff I'm talking 
about is going to be happening with your clock and go only in one direction

> I am a big Linux fan, though also I have major gripes.  I have an
> air-gapped Ubuntu 14.04 machine for building Windows CipherShed releases
> (the poorly named fork of TrueCrypt).  Generating keys was a nightmare,
> which made me think of this project again.  I just needed a 4096 bit key
> pair, and it made me type like a monkey on my keyboard for about half an
> hour!

then you'll like onerng :-) /dev/random feeds data as fast as we can feed it

> Whoa... who's talking about building a real product ?!? :-)  I'll leave
> that to you guys.

well I am - something that's completely open but also manufacturable

	Paul