Re: how i stopped worrying and loved the backdoor

[coderman <coderman () gmail com>]

On Sat, Dec 25, 2010 at 2:12 PM,  <cpolish () surewest net> wrote:
> ...
> Check out Markus Jacobsson et al, "A Practical Secure Physical Random
> Bit Generator", 1998, using the turbulence of airflow inside the drive
> as the source of randomness. Can't do much better than that.

how much turbulence does my SLC FDE make?

the reason i prefer on die is that pre-boot operations and/or host
init can make use of these sources via built-in facilities without
need for additional drivers to external devices that may in turn
require bus initialization and interrupt allocation, and so on, etc.

likewise, if bootstrapping a secure network requires strong random
numbers a network based entropy distribution setup to hosts without
their own physical sources is not so useful for that task.

there are many other considerations weighting toward on-die
implementations, like clock and sample rates, but proper hardware
entropy engineering is a verbose tangent way too long for this already
meandering discussion... [0]

:)



0. if you're really curious, check out Cryptographic Hardware and
Embedded Systems proceedings, any hw design texts by authors of these
proceedings, and then you'll know what your known unknowns are and can
brazenly blaze forward into the esoteric or halt early satisfyingly
convincing yourself that you could give two shits about what it takes
to build proper kit.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/