[Ach] question / recommendations on hardware RNG sources?
rsc at runtux.com
Fri Dec 6 17:04:07 CET 2013
On Fri, Dec 06, 2013 at 03:03:43PM +0100, L. Aaron Kaplan wrote:
> Concerning Hardware RNGs: do you have any experience / recommendations
> on this topic?
> I came across this comparison:
> Any experiences with this one?
> or this?
Both look fine, as usual for crypto-related devices I prefer open source :-)
Known problem with CCD devices (the lavarnd variant) is that the
individual cells can be biased and you usually have patterns in them. But
hashing the result into something much smaller (as they do) looks good
enough to me.
If in doubt you may want to use two devices from different manufacturers
and mix both into the Linux entropy pool. Note that every user can mix
data into the pool in Linux but only root can set the expected current
randomness count. With that in mind you can assign a lower count for
devices you trust less. (But OpenSSL will use /dev/urandom anyway :-)
There are local attacks on HW RNGs mostly with strong electromagnetic
fields that can completely remove randomness (e.g. from a noise diode).
This can occur by chance (i.e. not due to an attack) e.g. from a nearby
radio transmitter or mains hum (Netzbrummen in German).
I'm not aware of any studies on CCDs in this regard.
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office at runtux.com
allmenda.com member email: rsc at allmenda.com
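
The mixing and crediting described in the message above, as an added example that is not part of the original post: raw samples are hashed down, then mixed into the Linux pool either uncredited (any user) or with a reduced entropy count for a less trusted device (root only). The function names, trust factors and sample bytes are assumptions made for illustration, and the ioctl number is the x86/ARM value of RNDADDENTROPY.

```python
import fcntl
import hashlib
import struct

# _IOW('R', 0x03, int[2]) from <linux/random.h>. Assumption: x86/ARM encoding;
# MIPS, PowerPC and SPARC encode the ioctl direction bits differently.
RNDADDENTROPY = 0x40085203

def condition(raw: bytes) -> bytes:
    """Hash raw samples into 32 bytes to flatten per-cell bias and patterns."""
    return hashlib.sha256(raw).digest()

def credited_bits(data: bytes, trust: float) -> int:
    """Entropy to claim: at most 8 bits per byte, scaled by trust in [0, 1]."""
    if not 0.0 <= trust <= 1.0:
        raise ValueError("trust must be between 0 and 1")
    return int(len(data) * 8 * trust)

def pack_pool_info(data: bytes, entropy_bits: int) -> bytes:
    """struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }"""
    if not 0 <= entropy_bits <= len(data) * 8:
        raise ValueError("cannot claim more entropy than the buffer holds")
    return struct.pack("ii", entropy_bits, len(data)) + data

def mix_uncredited(data: bytes, path: str = "/dev/random") -> None:
    """Any user: a plain write mixes data in but credits no entropy."""
    with open(path, "wb", buffering=0) as pool:
        pool.write(data)

def mix_credited(data: bytes, entropy_bits: int, path: str = "/dev/random") -> None:
    """Root only: mix data in and raise the kernel's entropy estimate."""
    with open(path, "wb", buffering=0) as pool:
        fcntl.ioctl(pool, RNDADDENTROPY, pack_pool_info(data, entropy_bits))

if __name__ == "__main__":
    # Constructed sample readings standing in for two hardware sources.
    sources = {"noise-diode": (bytes(range(256)), 0.5),
               "ccd-camera": (b"\x10\x11\x10\x12" * 64, 0.1)}
    for name, (raw, trust) in sources.items():
        block = condition(raw)
        bits = credited_bits(block, trust)
        try:
            mix_credited(block, bits)
            print(f"{name}: mixed {len(block)} bytes, credited {bits} bits")
        except PermissionError:
            mix_uncredited(block)  # still mixed in, just not counted
            print(f"{name}: mixed {len(block)} bytes, no credit (not root)")
```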