TRNG (was: Specifying entropy source)
NIIBE Yutaka
gniibe at fsij.org
Thu Nov 17 01:37:44 CET 2016
Hello,
I work for my own TRNG implementation. I realized that the point is:
We should collectively control things so that none can control a
sequence of random bytes. --- (*)
Second "control" in (*) includes guessing, predicting, or knowing, not
only manipulating directly/indirectly.
Things include software, hardware, and the process of making software,
hardware, etc.
I observed that people have tendency to prefer an exotic noise source,
but it is not that important matter for me. Rather, if a TRNG device
depends on some exotic technology, I count it as a weakness because it
makes it difficult to be reproducible and transparent.
On 11/17/2016 03:12 AM, NdK wrote:
> Il 16/11/2016 15:55, Juergen Christoffel ha scritto:
>
>> Then there are http://www.bitbabbler.org and
>> http://ubld.it/products/truerng-hardware-random-number-generator/ as
>> hardware random number generators. Both are worth their money IMO.
> Why not GnuK, that incorporates a TRNG too?
In general, OpenPGP card implementations have a random number
generator. I mean, it's not only the feature of Gnuk. It is
accessible by gpg-connect-agent. Here is an example.
====================
$ gpg-connect-agent --hex "SCD RANDOM 32" /bye
D[0000] F8 04 49 F3 BA D9 85 44 47 54 F5 89 B5 49 EA E7 ..I....DGT...I..
D[0010] 46 20 1E 09 15 AC 38 7E 9E 50 0E D7 28 19 64 15 F ....8~.P..(.d.
OK
====================
I think that this is useful when a person installs an OS into a new
machine, or when people use machines for clean boot with fixed media
like CD. Feeding those random bytes to /dev/random can make the
barrier higher (against guessing, predicting, or knowing).
> There's even a version that only includes the TRNG, and it's completely
> open.
Thank you, Diego, for the introduction. The device is available at:
https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator
I think that "completely open" is not achieved, yet.
Although I tried my best making it free, reproducible and transparent
(I use the tube on purpose to demonstrate its transparency), it's not
perfect; While firmware is Free Software assuming Free Software
development environment only, and the PCB design is free and the
design assumes Free Software development environment only, it still
depends on the MCU chip (manufacturer and its distribution channel)
and the manufacturer of PCB assembly.
Suppose that there were a proprietary TRNG device by some alien (I
mean, an external entity). As a gift, the alien deliberately left the
TRNG which generation of randomness cannot be controlled by anyone in
this planet. In this case, this TRNG is useful for us, perhaps.
Given no such a gift on earth, I believe that we need free,
reproducible and transparent one even not perfect.
Well, I think that the TRNG device is very good for a gift to hackers.
:-)
Enjoy,
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161117/910defc0/attachment.sig>
More information about the Gnupg-users
mailing list