A really stout external source of randomness - what a curious new tool to
have in a data center!

The link (HWRNG <--> client) would be a too-tempting target for an
adversary who knew that the data might be used in its raw form. Unless the
server-to-client link was unquestionably secure, the clients absolutely
would need to apply (something like) your local remixer process to use it.
A simple variation on CSPRNG w/ local entropy - sounds great.

Certainly you'd have a mess if you were using the data straight-up and
later found out that someone had hacked the HWRNG box. Brrrrr. I'm
certainly not suggesting it couldn't be done - strip the HWRNG's firmware
to the essentials and don't allow network updates. But, brrrrr.

Early adopters would be 'special'. The implementation would end up being
unique to the data system. Idiomatic to the way data is used and stored,
the process, etc. The general use case would grow out of that early work.

- brad.


On Wed, Mar 19, 2014 at 04:28:08PM -0700, [email protected]:
> > I am thinking of making a userland unpredictability distribution
> > system, so that expensive HWRNGs may be shared securely amongst
> > several machines.
> >
> > Here's the algorithm from generation to use:
>
> Please note that each node gets a stream of data which is
> computationally independent of the other streams, so the most this
> system can give is computational security.  As such, if the receiving
> pool (entropy sink) is /dev/urandom, then the listener should not
> update entropy counts.  But you generally only use /dev/random for key
> generation and OTP generation anyway, so no big deal; if you need
> that, get it straight from stage 2, and don't send it over the
> network.
>
>
> 1) Unpredictability harvested from HWRNG.
>
> Step 1.5) test output of HWRNG prior to anything else, alert if it
> falls into certain failure modes.
>
> > 2) Unpredictability mixed with PRNG output to disguise any biases
> > present in source.  The Mersenne Twister suggests itself due to its
> > extremely long period and fast use but I think a CSPRNG is better.
> > (Is XOR sufficient and desirable as mix function?)
>
(...)
>
> --
> http://www.subspacefield.org/~travis/
> Remediating... LIKE A BOSS
>
>
>
> _______________________________________________
> RNG mailing list
> [email protected]
> http://lists.bitrot.info/mailman/listinfo/rng
>
>
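Brad's "local remixer" (a CSPRNG fed with local entropy that re-mixes the HWRNG stream before any client uses it) and the quoted question about XOR as the mix function, as an added example that is code from neither poster: a keyed HMAC-SHA256 remixer beside plain XOR mixing. The class and function names are my own, and the all-zero remote chunk used below is a constructed stand-in for a box whose output can no longer be trusted.

```python
import hashlib
import hmac


def _lp(b: bytes) -> bytes:
    # Length-prefix each field so "remote||local" boundaries are unambiguous.
    return len(b).to_bytes(4, "big") + b


class LocalRemixer:
    """Client-side remixer for HWRNG bytes delivered over a network.

    Remote bytes are never used raw: they are folded into a keyed pool with
    local entropy and output comes out through HMAC-SHA256, so a compromised
    HWRNG box or link degrades output to local-entropy quality, not to zero.
    """

    def __init__(self, local_seed: bytes):
        # local_seed comes from the client's own source (e.g. os.urandom(32)).
        self.key = hashlib.sha256(b"remixer-init" + _lp(local_seed)).digest()
        self.counter = 0

    def absorb(self, network_bytes: bytes, local_bytes: bytes) -> None:
        # Keyed extraction: the new pool key depends on the old key, the
        # remote stream and fresh local entropy; none of them alone fixes it.
        msg = b"absorb" + _lp(network_bytes) + _lp(local_bytes)
        self.key = hmac.new(self.key, msg, hashlib.sha256).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            block = b"gen" + self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
        # Ratchet the key after each request so a later state compromise
        # does not reveal earlier output.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:n]


def xor_mix(network_bytes: bytes, local_bytes: bytes) -> bytes:
    """Plain XOR mixing, for comparison with the keyed remixer above.

    XOR keeps the entropy of the stronger input only while the streams are
    independent: a remote stream that is known or correlated with the local
    one adds nothing, and identical streams cancel to all zeros.
    """
    if len(network_bytes) != len(local_bytes):
        raise ValueError("XOR mixing needs equal-length inputs")
    return bytes(a ^ b for a, b in zip(network_bytes, local_bytes))
```

Feed `absorb` each chunk as it arrives off the wire together with a fresh local read, and draw from `generate`; keep /dev/random-grade needs on the machine that owns the HWRNG, as the quoted message says.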
_______________________________________________
RNG mailing list
[email protected]
http://lists.bitrot.info/mailman/listinfo/rng