| @@ -2,9 +2,8 @@ | |||||
| title: Nearly Complete Guide to RNG on a microcontroller | title: Nearly Complete Guide to RNG on a microcontroller | ||||
| description: > | description: > | ||||
| How to initialize and run an RNG on an STM32L151CC microcontroller. | How to initialize and run an RNG on an STM32L151CC microcontroller. | ||||
| created: !!timestamp '2021-05-18' | |||||
| listable: false | |||||
| time: 12:00 PM | |||||
| created: !!timestamp '2022-02-12' | |||||
| time: 11:50 AM | |||||
| tags: | tags: | ||||
| - security | - security | ||||
| - rng | - rng | ||||
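Review bot: Dropping `listable: false` publishes the post, but overwriting `created` (2021-05-18 becomes 2022-02-12, with `time` also changed from 12:00 PM to 11:50 AM) discards the original authoring date. If the intent is to record when the post went public, consider keeping `created` and adding a separate publication field rather than rewriting history in the front matter.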
| @@ -29,20 +28,23 @@ for="sn-drbg" class="margin-toggle sidenote-number"></label><input | |||||
| type="checkbox" id="sn-drbg" class="margin-toggle"/><span | type="checkbox" id="sn-drbg" class="margin-toggle"/><span | ||||
| class="sidenote">[NIST](https://www.nist.gov/) also refers to a | class="sidenote">[NIST](https://www.nist.gov/) also refers to a | ||||
| PRNG as a Deterministic Random Bit Generator (DRBG).</span>. PRNGs | PRNG as a Deterministic Random Bit Generator (DRBG).</span>. PRNGs | ||||
| take a seed, and can generate large, effectively unlimited when seeded | |||||
| properly, amounts of random looking data from them. The issue is than | |||||
| if someone is able to obtain the seed, they will be able to predict | |||||
| the subsequent values, allowing breaking security. | |||||
| take a seed, and can generate large, effectively unlimited amounts of | |||||
| random data, when seeded properly. The issue is than if someone is able | |||||
| to obtain the seed, they will be able to predict the subsequent values, | |||||
| allowing breaking security. | |||||
| The standard practice is to gather data from a TRNG, and use it to seed | The standard practice is to gather data from a TRNG, and use it to seed | ||||
| a PRNG. It used to be common that the PRNG would be reseeded, but I | |||||
| agree w/ djb (D. J. Bernstein) that once seeded, no additional seeding | |||||
| is needed<label for="sn-entropy" class="margin-toggle sidenote-number"></label> | |||||
| <input type="checkbox" id="sn-entropy" class="margin-toggle"/> | |||||
| <span class="sidenote">See his blog post | |||||
| a PRNG. It used to be common that the PRNG should more additional random | |||||
| data mixed in, but I agree w/ djb (D. J. Bernstein) that once seeded, no | |||||
| additional seeding is needed<label for="sn-entropy" class="margin-toggle | |||||
| sidenote-number"></label><input type="checkbox" id="sn-entropy" | |||||
| class="margin-toggle"/><span class="sidenote">See his blog post | |||||
| [Entropy Attacks!](https://blog.cr.yp.to/20140205-entropy.html)</span> | [Entropy Attacks!](https://blog.cr.yp.to/20140205-entropy.html)</span> | ||||
| as modern PRNGs are secure enough and can generate enough randomness | |||||
| that their state will not leak. | |||||
| as modern PRNGs are secure and can generate random data such that their | |||||
| state will not leak.<label for="sn-prng-secure" class="margin-toggle | |||||
| sidenote-number"></label><input type="checkbox" id="sn-prng-secure" | |||||
| class="margin-toggle"/><span class="sidenote">That is, taking it's output, | |||||
| that neither past nor future output can be predicted.</span> | |||||
| There are lots of libraries and papers that talk about how to solve the | There are lots of libraries and papers that talk about how to solve the | ||||
| problem for RNGs on a microcontroller that may not have an integrated | problem for RNGs on a microcontroller that may not have an integrated | ||||
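Review bot: The rewritten paragraph still carries two wording defects that this hunk was the chance to fix: "The issue is than if someone is able" should read "The issue is that if someone is able", and the new sidenote's "taking it's output" should be "taking its output". The added sentence "It used to be common that the PRNG should more additional random data mixed in" is missing a verb; "should have additional random data mixed in" reads correctly. The new `sn-prng-secure` sidenote would also be clearer as "That is, given its output, neither past nor future output can be predicted", since that is the property being claimed for the seeded PRNG.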
| @@ -134,8 +136,8 @@ adequate entropy, as discussed in the papers, and so this method should | |||||
| not be used in those cases, or not solely relied upon. | not be used in those cases, or not solely relied upon. | ||||
| The following is an `awk` script for calculating the min-entropy of the | The following is an `awk` script for calculating the min-entropy of the | ||||
| provided data. Each sample must the first item on a line, and each sample | |||||
| must be a hexadecimal value w/o any leading `0x` or other leading | |||||
| provided data. Each sample must be the first item on a line, and each | |||||
| sample must be a hexadecimal value w/o any leading `0x` or other leading | |||||
| identifier: | identifier: | ||||
| <pre id="min-entropy-awk" class="language-awk fullwidth"><code># Copyright 2021 John-Mark Gurney | <pre id="min-entropy-awk" class="language-awk fullwidth"><code># Copyright 2021 John-Mark Gurney | ||||
| # This script is licensed under the 2-clause BSD license | # This script is licensed under the 2-clause BSD license | ||||
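Review bot: The grammar fix is fine, but the input-format description still leaves two things a user of the `awk` script would need stated: whether hexadecimal digits are compared case-insensitively (so that `0A` and `0a` count as the same sample), and roughly how many samples are required before the min-entropy estimate is meaningful for the sample width being measured. One sentence after "identifier:" would cover both, since the script body that decides them is not part of the prose.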
| @@ -262,9 +264,9 @@ does require a little more work to have the code save to this region, | |||||
| rather than RAM, but the STM32 HAL layer has functions that make this | rather than RAM, but the STM32 HAL layer has functions that make this | ||||
| easy. | easy. | ||||
| It would be great if where the PRNG seed could be in read-once, | |||||
| It would be great if the PRNG seed could be stored in read-once, | |||||
| write-once memory to ensure that it can be read, mixed in with any | write-once memory to ensure that it can be read, mixed in with any | ||||
| additional entropy, and the written out, but I do not know of any | |||||
| additional entropy, and then written out, but I do not know of any | |||||
| microcontroller that supports this feature. | microcontroller that supports this feature. | ||||
| Part of this is is to ensure that the the state between the saved | Part of this is is to ensure that the the state between the saved | ||||
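Review bot: The typo fixes in this hunk stop one line short; the unchanged context line "Part of this is is to ensure that the the state between the saved" has two doubled words ("is is", "the the") that belong in the same cleanup. While touching the read-once, write-once paragraph, it would also help to say explicitly what the read-mix-write cycle protects against (a saved seed being reused unchanged across boots), since the paragraph currently states the mechanism but not the failure it prevents.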