[Gllug] entropykey: why did nobody ever mention this thing before?

Nix nix at esperi.org.uk
Sat Aug 21 22:50:14 UTC 2010


On 18 Aug 2010, Philip Hands outgrape:

> I know I'm late to this party, but I just thought I'd mention:
>> They probably aren't, all the time. That's why it has two random number
>> generators and hunts for correlations between them, and patterns in the
>> result of mixing them.
>
> Quite -- if it becomes suspicious of any correlations between the
> sources, or insufficient randomness in either source, it takes itself out
> of service.

The reason for going out of service was not previously being reported,
so I submitted a patch to do that last week :)

> At DebConf9 (in Extremadura, Spain -- on a sunny day) Daniel borrowed my
> glasses to cook the things to confirm that that bit worked on the
> prototypes (I'm long-sighted, so have reasonably powerful magnifying
> glasses in my specs. -- good for torturing ants and ekeys ;-)

I imagined that he'd stuck it on a stove or in the fridge, not used
glasses, but I guess that works too :)

> I'm also pretty sure that the pair of diodes they're using is generating
> entropy at a considerably higher rate than is eventually allowed up the
> USB cable.

It's averaging 32332Kbits/s: the protocol limits it to 32767Kbits/s as
an absolute maximum. The fact that it never gets that high suggests to
me that they don't have that much 'spare' entropy coming off the diodes,
at least not after decorrelation and so on. Of course, this is partly a
matter of how often they choose to sample the diodes, so a better way of
putting it might be that the key chooses to sample its diodes at most
32768 (and more likely 16384) times per second.

> Having heard Daniel talking about it at some length, it would seem they
> have taken account of all of the obvious, and most/all of the
> non-obvious attacks/flaws from which such a device might suffer.

Quite so. It took me some thought to figure out the set of attacks which
the three-level encryption key hierarchy was meant to eliminate. There
are quite a lot of them. Impressive foresight :)

> As mentioned, it's marvellously over-engineered, and was built more as a
> labour of love than because they expected to make any money out of it.
>
> Cheers, Phil.
>
> P.S. I have no financial links with Simtec, but will most certainly be

I have financial links: I bought a key from them. (That's a link,
surely.)

> adding one of these to my co-lo server when I next do hardware upgrades
> on it.

I'm not sure one USB key really counts as a hardware upgrade. Its CPU
load requirements are quite low after my patches a couple of weeks ago
(which should I hope be in the next ekeyd release), though its RAM
requirements are a tiny bit higher:

  RSS    VSZ STIME     TIME COMMAND
 6976   8432 Aug10 02:41:52 ekeyd

And that's on a 500MHz Geode. Perhaps four hours of CPU time a month,
despite doing heavy dispatching of entropy to multiple EGD clients, is
pretty much ignorable as far as I'm concerned. (I still plan to speed it
up some more, but not because I need to, just for the hell of it. :) )
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



