[Gllug] entropykey: why did nobody ever mention this thing before?

Philip Hands phil at hands.com
Wed Aug 18 09:06:02 UTC 2010


I know I'm late to this party, but I just thought I'd mention:

On Mon, 02 Aug 2010 20:55:03 +0100, Nix <nix at esperi.org.uk> wrote:
> On 2 Aug 2010, Richard Jones outgrape:
...
> > However I'm suspicious that the numbers are really going to be random.
> 
> They probably aren't, all the time. That's why it has two random number
> generators and hunts for correlations between them, and patterns in the
> result of mixing them.

Quite -- if it becomes suspicious of any correlations between the
sources, or insufficient randomness in either source, it takes itself out
of service.

> >                                     The diode bounces off and on "at
> > random", but at quite a low average frequency.  The clock rate that
> 
> It also depends on temperature. I don't see any sign that you stopped
> attackers from heating the box up or cooling it down. :)

It monitors its own temperature, and also takes itself out of service if
the temperature goes out of bounds.

At DebConf9 (in Extremadura, Spain -- on a sunny day) Daniel borrowed my
glasses to cook the things to confirm that that bit worked on the
prototypes (I'm long-sighted, so have reasonably powerful magnifying
glasses in my specs. -- good for torturing ants and ekeys ;-)

I'm also pretty sure that the pair of diodes they're using is generating
entropy at a considerably higher rate than is eventually allowed up the
USB cable.

Having heard Daniel talking about it at some length, it would seem they
have taken account of all of the obvious, and most/all of the
non-obvious attacks/flaws from which such a device might suffer.

As mentioned, it's marvellously over-engineered, and was built more as a
labour of love than because they expected to make any money out of it.

Cheers, Phil.

P.S. I have no financial links with Simtec, but will most certainly be
adding one of these to my co-lo server when I next do hardware upgrades
on it.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND
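
The self-checks described in the message above (randomness of each source, correlation between the two sources, temperature bounds), sketched as an added example that is not part of the original post and is not Simtec's firmware. The thresholds, all names, the XOR mix and the latch-on-failure behaviour are assumptions made for illustration.

```python
import random

# Thresholds below are assumptions for this sketch, not Entropy Key values.
MAX_BIAS = 0.02            # allowed |fraction of ones - 0.5| per source
MAX_CORRELATION = 0.02     # allowed |agreement between sources - 0.5|
TEMP_BOUNDS_C = (0.0, 60.0)

def sample_bits(seed, n, p_one=0.5):
    """Constructed test input: n pseudo-random bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def health_check(a, b, temp_c):
    """Return the list of failed checks; an empty list means healthy."""
    failures = []
    if not TEMP_BOUNDS_C[0] <= temp_c <= TEMP_BOUNDS_C[1]:
        failures.append("temperature")
    for name, bits in (("source_a", a), ("source_b", b)):
        if abs(sum(bits) / len(bits) - 0.5) > MAX_BIAS:
            failures.append(name + "_bias")
    agree = sum(x == y for x, y in zip(a, b)) / len(a)
    if abs(agree - 0.5) > MAX_CORRELATION:
        failures.append("correlation")
    return failures

class EntropyGate:
    """Releases mixed output only while every check passes."""
    def __init__(self):
        self.in_service = True

    def emit(self, a, b, temp_c):
        # Assumption: a failure latches until the device is reset.
        if self.in_service and health_check(a, b, temp_c):
            self.in_service = False
        if not self.in_service:
            return None
        return [x ^ y for x, y in zip(a, b)]   # simple XOR mix

if __name__ == "__main__":
    a, b = sample_bits(1, 40000), sample_bits(2, 40000)
    flips = sample_bits(4, 40000, p_one=0.1)
    copy = [x ^ f for x, f in zip(a, flips)]   # tracks a 90% of the time
    print(health_check(a, b, 25.0))     # independent sources, normal temp
    print(health_check(a, copy, 25.0))  # correlated sources
    print(health_check(a, b, 85.0))     # out-of-bounds temperature
```

The correlated case is the one a single-source design cannot see: each stream passes its own bias check, and only the comparison between the two flags it.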