TRNG (was: Specifying entropy source)

Stefan Midjich swehack at gmail.com
Thu Nov 17 12:47:05 CET 2016


On the topic of open source RNG, I own the OneRNG and have attempted
to use it with gpg but failed in the past.

I never made another attempt.

OneRNG was a kickstarter crowd funding campaign and is now available
from their webshop. It's supposed to be an open source RNG but I'm not
qualified to speak on its quality as a TRNG.

It instructed users to use rngd, and at the time I was not aware of
haveged. I was able to use it for entropy but never for GPG. The
OneRNG has a LED that is supposed to dim when entropy is being drawn
from it, but gpg use never triggered this.

My goal would be to make another attempt at using my OneRNG over USB
with haveged as entropy source. A quick web search shows others have
attempted this already. For example https://lwn.net/Articles/648550/

2016-11-17 1:37 GMT+01:00 NIIBE Yutaka <gniibe at fsij.org>:
> Hello,
>
> I work for my own TRNG implementation.  I realized that the point is:
>
>     We should collectively control things so that none can control a
>     sequence of random bytes.  --- (*)
>
> Second "control" in (*) includes guessing, predicting, or knowing, not
> only manipulating directly/indirectly.
>
> Things include software, hardware, and the process of making software,
> hardware, etc.
>
> I observed that people have tendency to prefer an exotic noise source,
> but it is not that important matter for me.  Rather, if a TRNG device
> depends on some exotic technology, I count it as a weakness because it
> makes it difficult to be reproducible and transparent.
>
>
> On 11/17/2016 03:12 AM, NdK wrote:
>> Il 16/11/2016 15:55, Juergen Christoffel ha scritto:
>>
>>> Then there are http://www.bitbabbler.org and
>>> http://ubld.it/products/truerng-hardware-random-number-generator/ as
>>> hardware random number generators. Both are worth their money IMO.
>> Why not GnuK, that incorporates a TRNG too?
>
> In general, OpenPGP card implementations have a random number
> generator.  I mean, it's not only the feature of Gnuk.  It is
> accessible by gpg-connect-agent.  Here is an example.
>
> ====================
> $ gpg-connect-agent --hex "SCD RANDOM 32" /bye
> D[0000]  F8 04 49 F3 BA D9 85 44  47 54 F5 89 B5 49 EA E7   ..I....DGT...I..
> D[0010]  46 20 1E 09 15 AC 38 7E  9E 50 0E D7 28 19 64 15   F ....8~.P..(.d.
> OK
> ====================
>
> I think that this is useful when a person installs an OS into a new
> machine, or when people use machines for clean boot with fixed media
> like CD.  Feeding those random bytes to /dev/random can make the
> barrier higher (against guessing, predicting, or knowing).
>
>> There's even a version that only includes the TRNG, and it's completely
>> open.
>
> Thank you, Diego, for the introduction.  The device is available at:
>
>
> https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator
>
> I think that "completely open" is not achieved, yet.
>
> Although I tried my best making it free, reproducible and transparent
> (I use the tube on purpose to demonstrate its transparency), it's not
> perfect; While firmware is Free Software assuming Free Software
> development environment only, and the PCB design is free and the
> design assumes Free Software development environment only, it still
> depends on the MCU chip (manufacturer and its distribution channel)
> and the manufacturer of PCB assembly.
>
> Suppose that there were a proprietary TRNG device by some alien (I
> mean, an external entity).  As a gift, the alien deliberately left the
> TRNG which generation of randomness cannot be controlled by anyone in
> this planet.  In this case, this TRNG is useful for us, perhaps.
>
> Given no such a gift on earth, I believe that we need free,
> reproducible and transparent one even not perfect.
>
> Well, I think that the TRNG device is very good for a gift to hackers.
> :-)
>
> Enjoy,
> --
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



-- 
Vänliga Hälsningar / Sincerely
Stefan M



More information about the Gnupg-users mailing list