[GTALUG] Crypto Question: Where do you get your entropy
Stewart Russell
scruss at gmail.com
Wed Nov 12 16:27:20 UTC 2014
On Nov 12, 2014 10:52 AM, "Christopher Browne" <cbbrowne at gmail.com> wrote:
>
> http://www.entropykey.co.uk/tech/
Unfortunately, these are no longer available. If you check their shop, they
say that the wait time is effectively indefinite.
It looks well designed, but it all depends how paranoid you need to be.
Certain ARM Cortex microcontrollers have thermal hardware RNGs built in.
They can pump out a stream of noise at a huge rate.
The Raspberry Pi's SoC has one too. It's not super-fast and closed, so you
decide if it works for you. Most other artisanal solutions (Geiger counter
timing, clock skew on microcontrollers, detuned radios, avalanche noise,
intentionally mis-wired comparators) don't produce the volume of entropy
you need. They're also open to tampering, and most folks don't have the
knowledge to know what to look for in designing such a thing. I certainly
know I don't ...
I haven't checked if you still have to build a custom kernel to get RdRand
support on x86. Given past messes over ssh entropy holes, the lack of
support for RdRand because it might be tainted by the NSA was a pot/kettle
situation.
Cheers
Stewart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20141112/c77f42b7/attachment.html>
More information about the talk
mailing list