On 06/05/2016 19:48, Russell Leidich wrote:
> But to answer your question, if we assume that the TRNG resides in the
> kernel, I see no way in which an acoustic attack could defeat it, even
> if the implementation sourced its randomness exclusively from the
> microphone, as too much audio precision would be required to create a
> predictable byte stream of any significant length in a realistic server
> environment with lots of fan noise and multipath arrival issues. So
> unless you're trying to attack a purely audio TRNG in a recording studio
> -- and probably not even then -- this route seems hopeless.
> Alternatively, you could try to attack a timer-based TRNG by shooting
> sound at the booting machine in the hopes that the sound device would
> send incoming sample packets to main memory on a predictable schedule,
> but this, too, seems hopeless because even ensuring timing correlation
> between timestamp counters on different cores is a perpetual annoyance
> to software developers; hoping to sync the audio and core clocks is much
> harder. The very existence of the RDTSCP instruction, which reads the
> timestamp on a specified core, is evidence of this difficulty.

Maybe it could be attacked conversely, by acoustic isolation of the entropy noise sound device?

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography