[115097] in cryptography@c2.net mail archive
RE: Toshiba shows 2Mbps hardware RNG
daemon@ATHENA.MIT.EDU (Dave Korn)
Thu Feb 14 17:43:44 2008
From: "Dave Korn" <dave.korn@artimi.com>
To: "'Crawford Nathan-HMGT87'" <HMGT87@motorola.com>,
"'Peter Gutmann'" <pgut001@cs.auckland.ac.nz>,
<cryptography@metzdowd.com>,
<perry@piermont.com>
Date: Wed, 13 Feb 2008 19:37:14 -0000
In-Reply-To: <EED81E3EA6E3D24BBC4ABE7A5544874402E3DD60@de01exm69.ds.mot.com>

On 11 February 2008 17:37, Crawford Nathan-HMGT87 wrote:
>> EE Times: Toshiba tips random-number generator IC
>>
>> SAN FRANCISCO -- Toshiba Corp. has claimed a major breakthrough in
>> the field of security technology: It has devised the world's
>> highest-performance physical random-number generator (RNG) circuit.
>>
>> The device generates random numbers at a data rate of 2.0 megabits
>> a second, according to Toshiba in a paper presented at the
>> International Solid-State Circuits Conference (ISSCC) here.
>
> I'm wondering if they've considered the possibility of EMI skewing the
> operation of the device, or other means of causing the device to
> generate "less than completely random" numbers.

Not necessarily a problem, although it does depend on their design. Even if
by saturating the chip in an intense EM field you can skew the result almost
all the way to 1 or 0, won't the standard debiassing trick of examining
successive pairs of bits handle that?

> There used to be (maybe still) a TCP spoofing exploit that relied on the
> timing of packets; there are also various de-anonymization attacks based
> on clock skew. With a chip like this, you could add a small, random
> number to the timestamp, or even packet delay, and effectively thwart
> such attacks. Such systems need high-bandwidth, random number
> generators.

The original paper on the clock skew identity tracking technique suggested
that naive randomisation doesn't help; adding a bit of randomisation just
introduces noise into your dataset, but you can still clearly see the slope of
the line they're clustered around.

cheers,
DaveK
--
Can't think of a witty .sigline today....
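
The pair-examining debiasing trick mentioned in the reply above is commonly known as the von Neumann extractor. The following is an added example, not part of the original message; the function names, the seed and the simulated bit sources are constructed for illustration. It shows the output staying balanced under a constant bias, the throughput cost at the 2.0 Mbps raw rate quoted from the article, and the case the technique does not cover: a bias that differs between the two bits of a pair.

```python
import random

def von_neumann(bits):
    """Non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 are discarded."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def biased_source(n, p_one, rng):
    """Constructed source: independent bits, each 1 with probability p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def alternating_bias_source(n, p_even, p_odd, rng):
    """Constructed source whose bias differs between the bits of each pair."""
    return [1 if rng.random() < (p_even if i % 2 == 0 else p_odd) else 0
            for i in range(n)]

def fraction_of_ones(bits):
    return sum(bits) / len(bits)

def expected_output_rate(raw_bps, p_one):
    """Each pair yields a bit with probability 2p(1-p), i.e. p(1-p) per raw bit."""
    return raw_bps * p_one * (1 - p_one)

def demo(seed=2008, n=400_000):
    """Return {label: (fraction of ones in output, output bits per raw bit)}."""
    rng = random.Random(seed)
    results = {}
    for p in (0.5, 0.9, 0.99):
        out = von_neumann(biased_source(n, p, rng))
        results[p] = (fraction_of_ones(out), len(out) / n)
    # The independence/constant-bias assumption is violated here, so the
    # extractor's output is no longer balanced.
    out = von_neumann(alternating_bias_source(n, 0.9, 0.1, rng))
    results["alternating"] = (fraction_of_ones(out), len(out) / n)
    return results

if __name__ == "__main__":
    for label, (ones, yield_) in demo().items():
        print(f"{label!s:>12}: ones={ones:.3f} yield={yield_:.4f}")
    print("rate at p=0.99:", expected_output_rate(2_000_000, 0.99), "bit/s")
```

A continuous health test on the raw bits, before debiasing, is what catches the last case; the debiased output alone only shows it as a skewed ones fraction.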