[onerng talk] Compare with NeuG and the BitBabbler

[Jim Cheetham]

I'll leave discussion of the actual entropy sources to others, but there
are other aspects that are very important.

RNGs are commonly used for security, and therefore Trust becomes an
essential consideration. If your RNG is untrustworthy (or actively
malicious) an attacker can subvert most of the encryption that you take for
granted.

You have to trust your environment, and that's the significant difference
that OneRNG is providing - not only do we make it as easy as possible to
compare the hardware *design* to the hardware *as built*, we also sign the
firmware in a manner that makes it extremely difficult to tamper invisibly;
plus in common with many others you have the ability to install your own
firmware based on our source code if you prefer. This gives you the ability
to *verify* the device that came in the post from China, rather than just
trusting it because Jim and Paul are nice people.

So although the other devices tend to consider the output of large volumes
of random data to be their goal, we consider the output of *trustworthy*
random data to be ours. You really don't need much data, a device like this
should be used as seed/input to a decent CSPRNG algorithm, not necessarily
directly.

NeuG is an Open project, and you can see the sources for the hardware and
the software. The device that you get isn't too small, and you can see the
circuit layout. Yutaka Niibe has put a lot of thought in to this device,
and I wish I could read Japanese better to see more of his comments :-) I'm
not sure of the ubiquity of the two big components on that board, and I
don't think there are mechanisms to help you verify the firmware.

BitBabbler was new to me, and while the philosophy of having simpler
hardware with the complexity in the host OS matches ours, I can't actually
find any hardware design published, and of course the unit is in a sealed
case. So while they have obviously put a lot of thought into the quality of
the output, it's the input that's difficult to assess.

You might also want to consider the ChaosKey,
http://altusmetrum.org/ChaosKey/

-jim

On Mon, Feb 20, 2017 at 3:24 AM, Vishnu <
p-6S2zOwrl6o4I8jK7k2IBQT at lists.onerng.info> wrote:

> OneRNG <http://lists.onerng.info>
>
> [image: Photo of Vishnu]
> <http://lists.onerng.info/p/6S2zOwrl6o4I8jK7k2IBQT>
> *Compare with NeuG and the BitBabbler*
> <http://lists.onerng.info/r/topic/6OG1HC5hFAMqs2dyrGPyBT>
> by *Vishnu* <http://lists.onerng.info/p/6S2zOwrl6o4I8jK7k2IBQT>
> in *OneRNG Talk* <http://lists.onerng.info/groups/onerng-talk>
> ------------------------------
> Is anyone aware of how exactly OneRNG differs from the two other 'open',
> similarly priced TRNGs, the NeuG and the BitBabbler (Black): ?
>
>
> http://*www.gniibe.org*​/memo​/development​/gnuk​/rng​/neug​.html
> <http://www.gniibe.org/memo/development/gnuk/rng/neug.html>
> http://*www.bitbabbler.org*​/what​.html
> <http://www.bitbabbler.org/what.html>
>
> Especially in terms of the sources of randomness?
> ------------------------------
> ⮪ Reply
> <onerng-talk at lists.onerng.info?subject=Re%3A%20Compare%20with%20NeuG%20and%20the%20BitBabbler>
>   🖂 New topic <onerng-talk at lists.onerng.info>   View topic…
> <http://lists.onerng.info/r/topic/6OG1HC5hFAMqs2dyrGPyBT>
> Unsubscribe
> <onerng-talk at lists.onerng.info?subject=Unsubscribe&body=Hello%2C%0A%0APlease%20remove%20me%20from%20OneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you.>
>  •  Switch to a daily digest
> <onerng-talk at lists.onerng.info?subject=Digest%20on&body=Hello%2C%0A%0APlease%20switch%20me%20from%20receiving%20one%20email%20per%20post%20to%20the%20daily%0Adigest%2C%20which%20summarises%20the%20all%20the%20posts%20made%20each%20day%20in%0AOneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you.>
>
>    - Privacy <http://lists.onerng.info/policies/privacy/>
>    - Acceptable Use <http://lists.onerng.info/policies/aup/>
>    - Terms of Service <http://lists.onerng.info/policies/tos/>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20170220/dd16bf4b/attachment.html>