Mr RB's RNG and RNGs in general

Status
Not open for further replies.
Hiding what? You have to assume that whatever device you make will get taken apart. Security through obscurity? Security through obscurity - Wikipedia, the free encyclopedia

I suppose it is always possible to separate the die from the plastic package and inspect the die for the temp sensor, but if you removed the identifying labeling on the uC, the fact that it had a thermal sensor in the uC's packaging would be rather difficult to determine.

Replacing any set number in a RNG algorithm with the number pulled from the analog temperature sensor would add complexity.
 
They use a detuned radio(s) to generate entropy at Random.org and release the data for people to use;
RANDOM.ORG - The History of RANDOM.ORG

It's an easy system to implement in theory, but radio noise can contain many repeating patterns from mains signals and computing signals. They get around this (or attempt to) by using multiple radios and a post algorithm. My preference would be to use a worse entropy source (that is easier to make and use) and a better entropy (chaotic) algorithm. Besides being a smaller neater implementation it is harder to affect with external interference.

Nsaspook-
Hiding what? You have to assume that whatever device you make will get taken apart. Security through obscurity?

Practically any level of security can be breached with enough resources thrown at it. The practical goal in most cases would be to increase the level of security so it takes a lot more effort than what the result is worth. RMMM's example with using a micro with internal sensor is right in that ball park, and a clever idea.

Can anyone (MisterT? ;)) check my math above? It's the first time I have tried to calc a number that large (millions of decimal digits), and it doesn't help that my trusty TI is limited to 10^99.
 
I agree.

Considering what D&D enthusiasts would pay for a Good RNG equipped dice roller! So there are plenty of other applications for RNGs than government security. WikiLeaks anyone?
 
I suppose it is always possible to separate the die from the plastic package and inspect the die for the temp sensor, but if you removed the identifying labeling on the uC, the fact that it had a thermal sensor in the uC's packaging would be rather difficult to determine.

Replacing any set number in a RNG algorithm with the number pulled from the analog temperature sensor would add complexity.

It's actually very easy to probe chips for functions if you know what to look for. But there are methods for chip designs that can help with PRNG randomness. Physical Unclonable Function - Wikipedia, the free encyclopedia

And there are attacks...

https://www.electro-tech-online.com/custompdfs/2010/12/084_2PDF.pdf
 
This is a simple PIC18 sram PUF routine I've used to generate a random seed (just adding the sram bytes or hashing/crc16 ) for the srand function when using rand(). It uses the eeprom area to store keys and key change data between runs.

Code:
/* get random data from sram powerup bits */
unsigned int puf_sram(unsigned char cmode)      // look at random SRAM data for PRNG seed
{                                               // uses a udata section of memory PUF_SIZE and eeprom from
    unsigned int e;                             // 0 to 2xPUF_SIZE to store key, diff data
    static unsigned int seed = 0;               // if cmode is TRUE the stored key will be zeroed and will return 0
    unsigned char entr_s, entr_r, entr_d;

    if (seed != 0) return seed;

    for (e = 0; e < PUF_SIZE; e++) {
        seed = seed + sram_key[e];
        entr_s = sram_key[e];
        Busy_eep();
        entr_r = Read_b_eep(e);                 // read eeprom seed data
        entr_d = entr_s ^ entr_r;               // XOR to look for diff bits

        if (!cmode) {                           // cmode will zero key data history
            Busy_eep();
            Write_b_eep(e, entr_s);             // write eeprom key data
            Busy_eep();
            Write_b_eep(e + PUF_SIZE, entr_d);  // write eeprom key change data
        } else {
            Busy_eep();
            Write_b_eep(e, 0);                  // write zeros to eeprom key data
        }
        ClrWdt();                               // reset the WDT timer
    }

    seed = Make_Crc16(sram_key, PUF_SIZE);      // make seed from crc16 of sram
    if (cmode) seed = 0;                        // cmode return 0
    return (seed);
}

C18 code fragment:

#pragma udata sdbank
far unsigned char sram_key[PUF_SIZE];
#pragma udata

.......

// puf_sram(TRUE); // set puf eeprom area to 0's
// PORTF = ~puf_sram(FALSE);
srand(puf_sram(FALSE));
 
I updated my RNG page; Black RNG algorithm to replace those old RNG diagrams with the new proper ones.

It also has a heap more information, covering some of the math (thanks MisterT, and you got a mention) and also discussing limitations of the RNG and optimisations for when it is used for cryptographically secure (CSPRNG) applications. I didn't update the Windows RNG software to include the CSPRNG mods yet, as I have real work happening at the moment but it is on my "to-do" list.

However I did make a nice little prime number finder windows freeware;

https://www.romanblack.com/Primefinder.htm

As there seemed to be a real shortage of software (prime number finders) out there, apart from those crappy slow on-line converters full of advertising.

My one works instantly, and finds any prime number you want up to 4.29 billion.
 
I played around with the idea of a PIC sram based PUF device as a RNG and authenticator. It works but needs shielding and lots of error correction work in any practical manner without a good fuzzy extractor. Here is some C18 code and data (openoffice chart format) generated from a 1 chip, 4 key generations run. It still needs the ECC error bits from the Hamming (7,4) codes to be included in the masking data to normalize the results to help correct for bit drift. Using Reed-Solomon or LDPC ECC codes would be better for a working model as it can handle multi bit errors with ease.
 

Attachments

  • vtouch.zip
    130.9 KB · Views: 91