Defcon 29 : IOT RNG

Jim Cheetham jim at gonzul.net
Tue Aug 31 05:37:58 BST 2021


> Think of a random number between '0' and infinity. Was your number '0'?
> Seriously? Crap. Well unfortunately, the hardware random number generators
> (RNG) used by your favorite IoT devices to create encryption keys may not
> work much better than you when it comes to randomness. In this talk, we'll
> delve into murky design specs, opaque software libraries, and lots of
> empirical results. We wrote code for many popular IoT SoC platforms to
> extract gigabytes of data from their hardware RNGs and...

https://www.youtube.com/watch?v=jXJ9f9DBaVk

Approx 45 minute-long video, good Defcon content. Occasional swearing.

TL;DR just like Ian & others say - Use a CSPRNG, allow your buggy IOT RNGs
to shout into a mixed entropy pool instead of reading them directly ...
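
The TL;DR above, sketched as an added example (not part of the original post or the talk): hardware RNG output is mixed into a SHA-256 pool alongside another source, and keys are drawn from the pool instead of from the RNG directly. The class, the function names and the stuck-at-zero RNG are constructed for illustration; a real device should use its platform's vetted CSPRNG.

```python
import hashlib
import hmac
import os


class MixedPool:
    """Hash-based entropy pool (illustrative sketch, not a vetted DRBG)."""

    def __init__(self) -> None:
        self._state = bytes(32)

    def mix(self, source: bytes, data: bytes) -> None:
        # Length-prefix both fields so distinct inputs never hash identically.
        h = hashlib.sha256(self._state)
        h.update(len(source).to_bytes(2, "big") + source)
        h.update(len(data).to_bytes(4, "big") + data)
        self._state = h.digest()

    def read(self, n: int) -> bytes:
        out = b""
        block = 0
        while len(out) < n:
            label = b"out" + block.to_bytes(4, "big")
            out += hmac.new(self._state, label, hashlib.sha256).digest()
            block += 1
        # Ratchet the state: a later state leak does not reveal earlier output.
        self._state = hmac.new(self._state, b"ratchet", hashlib.sha256).digest()
        return out[:n]


def stuck_hwrng(n: int) -> bytes:
    """Constructed failure case: a hardware RNG that only returns zeros."""
    return bytes(n)


def make_key(other_source: bytes, n: int = 16) -> bytes:
    """Draw a key from a pool fed by the stuck RNG plus one other source."""
    pool = MixedPool()
    pool.mix(b"hwrng", stuck_hwrng(64))  # contributes nothing, harms nothing
    pool.mix(b"other", other_source)     # any independent source
    return pool.read(n)


if __name__ == "__main__":
    print("direct read:", stuck_hwrng(16).hex())
    print("via pool   :", make_key(os.urandom(32)).hex())
```

A key read directly from the failed RNG is all zeros, while the pooled key stays as unpredictable as the best source that was mixed in.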