Curious RNG stalemate [was: use of cpunks]
Eugen Leitl
eugen at leitl.org
Fri Oct 18 01:37:13 PDT 2013
On Fri, Oct 18, 2013 at 01:17:13AM -0700, coderman wrote:
> On Fri, Oct 18, 2013 at 12:54 AM, Eugen Leitl <eugen at leitl.org> wrote:
> > ...
> > We do not want a dinky little entropy drip. We want a
> > regular firehose.
>
>
> entropy firehose: 4 x 1.0Ghz Padlock engines with 2 physical noise
> sources per core (8 total)
> http://store.viatech.com/protected/product/frontProductDetail.action?id=9680
I have a couple older VIA C3 with hardware RNG, bought long ago for just that purpose.
What kind of motherboard is in there, do you know?
> depending on MSR configuration, number of sources contributing, type
> of rngdaemon processing, you can achieve 8 to 400Mbps of high quality,
> high assurance, high density entropy.
It is unauditable, just as any integrated RNG sources. Which
is not that big of problem, if you mix in enough external entropy
from a trusted source. The trusted source need to be sufficiently
simple to be validated by inspection. You can source RTL-SDRs
from many sources. All you need is to match impedance and output
power from your analog white noise circuit to goldilocks level.
In case anyone is interested,
http://www.reddit.com/r/amateurradio/comments/1mro3q/wideband_white_noise_generator_circuit/
> plenty of random for your off-line key generation needs, local network
> entropy distribution, virtio supply for guest VMs, unlimited source
> for full disk encryption initialization, high volume session
> establishment and network services, and any number of other concurrent
> uses.
>
> i have yet to max out a source this prolific in any reasonable
> (non-bench mark) scenario.
>
>
> this is just my favorite. there are lots of options if you look around
> far enough, and expend enough effort to interface with.
>
>
> and of course you can always build you own. there are plenty of
> interesting options discussed in various Cryptographic Hardware and
> Embedded Systems proceedings and other published texts...
But there is still no simple kit you could directly plug into your
coax socket. That is a threshold of entry too high for people
who can't tell which part of the soldering iron is the hot one.
More information about the cypherpunks
mailing list