You're Doing IoT RNG

grarpamp grarpamp at gmail.com
Thu Aug 12 23:35:30 PDT 2021


If you're trusting some closed source black box silicon chip
printed in closed unauditable uninspectable fabs by a bunch of
closed GovCorp entities, all of which have ongoing history ranging
from broken to malicious products... to "generate" and feed you
"random numbers", and further trusting the box to tell you
whether or not it itself is working as "advertised", and that the
numbers it's feeding you were, are and will be "random", etc...
then yes, you're doing it very wrong.


People can add it as one of many sources into whatever their
favorite [un]trusted opensource hash chain PRNG software is,
the adding simply serving as redundancy in case failure of
N-1 sources. Yet regardless, if none of those sources
into the XOR's are TRNG's, and if there was no trusted
sample file of random that had already passed all desired
hardness checks included in the addition as bootstrap
against all-source and startup settling failure... it's a bit moot.

Most major open OSes... BSD, Linux, and presumably closed
Win and Mac, already fixed those basics not long ago.
However it remains rightly and only your responsibility
to do the last remaining thing...

All over the internet there are reference designs for
opensource True RNG's using discrete testable
logic components in the output stages that anyone
can build and plug into their serial port as one
of the sources, so go do that.

Use Shannon, Quantum, Private Observations of
Nature's Ephemerals, Logic, Continuous Lifetime Testing,
etc as your spirit guide.
Or at least keep mashing keyboard and mouse.

Then you have seed mix, and at least up to whatever
bit-equivalent strength your favorite [un]trustable
opensource PRNG is, including possibly for XOR
onetime pad.
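The seed mix described above, written out as an added example (not code from the post or from any named project): several sources are health-checked, the ones that pass are folded into a SHA-256 hash chain along with a saved seed file, and a fresh seed file is derived for the next run. The constant-byte "hardware" source, the keyboard-timing bytes and the seed file are constructed inputs; the repetition-count check and its cutoff are a stand-in for real continuous testing, not a tuned parameter.

```python
import hashlib

# Constructed sample inputs: a "stuck" hardware RNG emitting a constant byte,
# a keyboard/mouse-timing source, and a previously saved seed file.
STUCK_HW = b"\x00" * 64
KBD_TIMING = bytes((i * 37 + 11) % 256 for i in range(64))
SEED_FILE = bytes(range(32))


def repetition_count_test(sample: bytes, cutoff: int = 16) -> bool:
    """Health check in the spirit of NIST SP 800-90B's repetition count test:
    a source that repeats the same byte `cutoff` times in a row is treated as
    stuck and failed. `cutoff` is a constructed value, not a tuned parameter."""
    run, prev = 0, None
    for b in sample:
        run = run + 1 if b == prev else 1
        if run >= cutoff:
            return False
        prev = b
    return True


def mix_sources(seed_file: bytes, sources: dict) -> tuple:
    """Fold every source that passes the health check into one SHA-256 hash
    chain together with the saved seed file. Each input is length-prefixed so
    two sources cannot be re-split into the same byte stream. Returns
    (output_block, next_seed_file, rejected_source_names)."""
    rejected = []
    h = hashlib.sha256(b"seed" + len(seed_file).to_bytes(4, "big") + seed_file)
    for name, data in sources.items():
        if not repetition_count_test(data):
            rejected.append(name)
            continue  # a failed source contributes nothing rather than poisoning the pool
        h.update(name.encode() + len(data).to_bytes(4, "big") + data)
    pool = h.digest()
    # Separate derivations so handing out `output` never reveals the next seed.
    output = hashlib.sha256(b"out" + pool).digest()
    next_seed = hashlib.sha256(b"next" + pool).digest()
    return output, next_seed, rejected


if __name__ == "__main__":
    out, new_seed, bad = mix_sources(SEED_FILE, {"hw": STUCK_HW, "kbd": KBD_TIMING})
    print("rejected sources:", bad)  # ['hw']
    print("output block:", out.hex())
```

Because a rejected source is skipped entirely, the pool with the stuck source present equals the pool with it absent, while the seed file guarantees the pool is never empty even if every live source fails.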

This sort of RNG theory has been known for many many
decades. It's utterly ridiculous 20+ years since the first
opensource OS/library RNG exploit papers, that
whack-a-mole and accepting the "oopsie" excuse
are still the case.

And further ridiculous that no one has launched
into the profitable world-changing greenfield that is...

#OpenHW printed in #OpenFabs under #OpenAudit

https://en.wikipedia.org/wiki/Random_number_generation
https://en.wikipedia.org/wiki/Hardware_random_number_generator
https://en.wikipedia.org/wiki/Cryptographically-secure_pseudorandom_number_generator
https://en.wikipedia.org/wiki/List_of_random_number_generators
https://en.wikipedia.org/wiki/One-time_pad
https://en.wikipedia.org/wiki/Provable_security
https://en.wikipedia.org/wiki/Information_theoretic_security
https://en.wikipedia.org/wiki/Information_theory
https://en.wikipedia.org/wiki/Claude_Shannon
https://en.wikipedia.org/wiki/Post-quantum_cryptography
