Forum Replies Created

Viewing 2 posts - 91 through 92 (of 92 total)
1 6 7
  • Author
    Posts
  • March 6, 2014 at 10:01 pm in reply to: How does TrueRNG compare to Entropy Key #538

    Ubld.it Staff
    Moderator

    Wow, lots of questions! I will try my best to answer them all.

    The specifications for the TrueRNG are published on this site. We do indeed utilize the avalanche effect in a semiconductor junction for noise generation. We can’t comment on how the Entropy Key, or any other device operates. We haven’t done comparisons nor do we have one of their devices.

    We don’t see a need for XOR with a PRNG. The data produced is sufficiently white for most purposes. For a 1GB file, our testing showed a mean value of 127.5115 (.009% bias). This may be further reduced by additional whitening techniques that may be implemented in software if your application requires it.

    The TrueRNG doesn’t do on-device FIPS 140-2 testing. In the scenario where we seed the Linux kernel, this is performed by the rngd-tools daemon. Any custom application can be implement this as well if this feature is desired. In the case of sensitive applications relying on on-device testing, there is still a chance that the device or method used is flawed and still need to verify your entropy.

    The TrueRNG doesn’t authenticate packets going over the USB bus. If you have someone snooping on your USB bus, or performing a man-in-the-middle attack then you have bigger problems to worry about i fear. Also I would have to question implementation, a pre-shared key would be known, and the risk of man-in-the-middle attack could still be present.

    The TrueRNG doesn’t have hardware tamper resistance. If you are concerned with security at this level, you should be looking at a much more sophisticated device with certification and independent testing with an audit trail. I’m sorry at this time we do not offer this service.

    We don’t attempt to detect external manipulation of the random stream. If you have someone within a close enough proximity with sophisticated enough equipment to manipulate this stream without disrupting other devices then again, you probably have bigger problems to worry about! We have however done in-house testing of trying to persuade the random stream, but we found ourselves destroying the device before that actually happened.

    With all that being said, the TrueRNG is meant to be a low-cost hardware random number generator that is **actually available for purchase**. There are many other devices that cost a lot more which implement additional features if your application requires them.

    Thanks for the questions!

    March 4, 2014 at 3:32 pm in reply to: Did we miss something? #516

    Ubld.it Staff
    Moderator

    Yes, it looks like we forgot to turn on outside registrations. This has been fixed. Sorry about that!

  • Author
    Posts
Viewing 2 posts - 91 through 92 (of 92 total)
1 6 7