[PLUG] hardware RNG cards was: rngd

Keith Lofstrom keithl at kl-ic.com
Tue Sep 29 06:00:24 UTC 2009


On Mon, Sep 28, 2009 at 03:36:46PM -0700, wes wrote:
> If that is still not good enough for you, are you prepared to spend what it
> takes to meet your needs?
> 
> http://www.araneus.fi/products-alea-eng.html
> 
> Also, I have heard that VIA chipsets have a hardware RNG onboard.

I sell "random numbers",  see http://siidtech.com .  While a
semi-decent hardware RNG can beat the pants off of pure software, 
any random number generator is only as good as the chain of hardware
and software that delivers it to the application, and the wisdom of
the programmers and users that design and operate that chain. 

Hardware RNGs are subject to "side channel attacks", involving crazy
manipulations of power, temperature, clock rates, and system noise,
especially in untrusted environments.  That cute little Araneus RNG
USB dongle is a black box.  Who knows what back doors it might have,
intentional or otherwise.  Or whether the USB dongle that is plugged
into the computer this week is actually the Araneus dongle you bought
(in person) last week, or a counterfeit substituted by the M.I.B. 

The crazy thing is, unless you tear down to the silicon, you have
no way to know whether it has back doors, because there is no way
to differentiate between a real random sequence and a high-entropy
deterministic one.  At best, all you can do is detect the more 
obvious sequences.  A generator that emits the binary digits of
pi is purely deterministic, but mathematical randomness tests will
call it random.  There are an uncountably infinite number of
deterministic transcendental numbers like pi and e, BTW.

In the end, it becomes a question of trust, either in open software
and the people reviewing it for you, or in the skills and sincerity
of hardware designers and manufacturers.  Use your best judgement,
but limit your exposure, and set aside resources to clean up
afterwards if you make the wrong choice.

Keith

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs



More information about the PLUG mailing list