Look into the Fortuna PRNG, which uses 32 banks, each one updated half as often as the one before it. This is why you want to keep some entropy around long-term, using EEPROM, SD, etc.

You should not output numbers until you know it's safe to do so, even at the cost of speed. Another common attack is simply unplugging the unit, thus dumping all the accumulated entropy. Same with blasting RFI towards the analogRead() inputs. If heating the board causes a certain max clock jitter, that's an attack vector. You want to collect at least 8 samples of input for each chunk of output, ideally many more. Declaring `unsigned long bank` and later doing `bank += thisSample` is fine; it will simply roll over. It's easier to guess a coin flip than a bucket of coins. The last thing you want to do is spit out entropy as it comes along.

Entropy sources on the esp8266:

- esp8266 HWRNG (RANDOM_REG32): extremely fast and unpredictable, a one-stop source.
- esp8266 timing: the background wifi tasks make scheduled micros() fetches indeterminate.
- esp8266 wifi hotspot scan (ssid, db, etc).
- clock jitter (low-bandwidth, but usable).
- micros() with a non-deterministic sample period.

I'm not a cryptographer, but I've spent thousands of hours researching and building hardware and software random generators, so let me share some of what I've learned. For max security, you need both unpredictable input and non-deterministic mixing. For example, taking 100 analog reads from 4 ADCs, summing them all, and feeding that to randomSeed would be much better. You are on the right track; however, it's just a numbers game, and you need a LOT more of them. `randomSeed(analogRead(x))` will only produce 255 sequences of numbers, which makes it trivial to try all combos and produce an oracle that can couple to your output stream, predicting all the output 100%.
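The following is an added example, not code from the original page: a small entropy accumulator in the spirit of Fortuna, written as plain C++ so it compiles off-board. It shows the two rules above in code: pool scheduling, where pool i is drawn into reseed number n only when 2^i divides n (so each pool is consumed half as often as the one before it), and a gate that refuses to emit output until at least 8 fresh samples have arrived since the last output. It also includes the "sum many ADC reads into a wrapping unsigned bank" seed from the last paragraph. Assumptions: analogRead() is replaced by a caller-supplied sampler function pointer, and SHA-256 (which Fortuna actually uses) is replaced by a non-cryptographic FNV-style mixer purely so the scheduling logic is visible without a hash library; the mixer and the xorshift output stage are placeholders, not a CSPRNG.

```cpp
// Added example (not the original page's code). Portable C++: no Arduino headers.
#include <cstdint>
#include <vector>
#include <array>

// Stand-in for analogRead(): the caller supplies a 10-bit sampler (assumption).
using Sampler = uint16_t (*)(uint8_t pin);

// Placeholder mixer (FNV-style). Fortuna hashes pools with SHA-256; this is
// here only to keep the example self-contained and is NOT cryptographic.
static uint32_t mix32(uint32_t h, uint32_t v) {
    h ^= v;
    h *= 0x01000193u;
    return h;
}

// Fortuna rule: pool i takes part in reseed number n (n >= 1) only when 2^i
// divides n, so pool 0 feeds every reseed, pool 1 every second one, and so on.
std::vector<int> poolsUsedInReseed(uint32_t n) {
    std::vector<int> used;
    for (int i = 0; i < 32; ++i) {
        if (n % (1u << i) != 0) break;   // once 2^i fails, larger powers fail too
        used.push_back(i);
    }
    return used;
}

// "Sum 100 reads from 4 ADCs" style seed: an unsigned bank that is allowed to
// wrap, so a roll-over is harmless and every sample still perturbs the result.
uint32_t sumAdcReads(Sampler sample, int readsPerAdc, int adcCount) {
    uint32_t bank = 0;
    for (int r = 0; r < readsPerAdc; ++r)
        for (int pin = 0; pin < adcCount; ++pin)
            bank += sample(static_cast<uint8_t>(pin));   // wrap-around intended
    return bank;
}

class EntropyAccumulator {
public:
    static constexpr int kPools = 32;
    static constexpr int kMinSamplesPerOutput = 8;

    // Round-robin each incoming sample into the next pool.
    void addSample(uint16_t s) {
        pools_[next_] = mix32(pools_[next_], s);
        next_ = (next_ + 1) % kPools;
        ++samplesSinceOutput_;
    }

    bool ready() const { return samplesSinceOutput_ >= kMinSamplesPerOutput; }

    // Refuses to emit anything until enough fresh samples have accumulated,
    // then reseeds from the scheduled pools and produces one 32-bit word.
    bool tryOutput(uint32_t &out) {
        if (!ready()) return false;
        reseed();
        if (state_ == 0) state_ = 0x9E3779B9u;   // xorshift must never sit at 0
        state_ ^= state_ << 13;                  // xorshift32: generator stand-in only
        state_ ^= state_ >> 17;
        state_ ^= state_ << 5;
        out = state_;
        return true;
    }

    uint32_t reseedCount() const { return reseedCount_; }

private:
    void reseed() {
        const uint32_t n = ++reseedCount_;
        for (int i : poolsUsedInReseed(n)) {
            state_ = mix32(state_, pools_[i]);
            pools_[i] = 0;                       // a pool is emptied once consumed
        }
        samplesSinceOutput_ = 0;                 // the gate closes again
    }

    std::array<uint32_t, kPools> pools_{};
    int next_ = 0;
    uint32_t samplesSinceOutput_ = 0;
    uint32_t reseedCount_ = 0;
    uint32_t state_ = 0x9E3779B9u;
};
```

On a real board the sampler would wrap analogRead() and the pool hashing would be SHA-256; the point of the example is the schedule (which pools a given reseed touches) and the gate (no output before the minimum sample count), both of which survive unchanged when the placeholders are swapped for real primitives.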