[Libre-soc-dev] [OpenPOWER-HDL-Cores] microwatt grows up LCA2021
paulus at ozlabs.org
Sat Feb 6 07:31:16 GMT 2021
On Sun, Jan 31, 2021 at 01:08:18PM +0000, Luke Kenneth Casson Leighton wrote:
> (context of link: analysis process for testing RNGs)
> paul the last question asked, about the RNG, slapped wrist for saying it
> can be trusted to be secure! :)
I took the question as a practical question, and as far as I recall I
didn't say anything absolute or theoretical.
> mathematically, nobody can give guarantees (ever), in a nutshell the only
> thing you can say 100% is, "no nightmare scenario has occurred... so far".
That's all you can say about any crypto system. I personally would
rather trust an FPGA that I have programmed myself and where the logic
is simple enough that it is highly unlikely that any
maliciously-introduced correlation could be present, than the HWRNG in
an ASIC where I have no idea what's really producing the numbers.
> there are "degrees of catastrophic breakage" that can be demonstrated
> quicker with less resources, these eliminate the worst algorithms quickly.
> over time you have to spend progressively more resources to find the ways
> in which to find broken-ness, and the really good algorithms survive that
> process far longer...
> ... but nobody, not ever, can make a categorical statement, "this
> cryptographic algorithm is secure".
So, therefore you can never use any cryptographic device? All I said
about the microwatt RNG is that it would be reasonable to use it for
cryptography, and that still seems true to me. I have run dieharder
for days on it without seeing any concerning results. If you know any
other good randomness tests, I could run them too.
> ultimately there is no 100% categorical test which proves security. the
> best that can be done is a process which cautiously declares, "it ain't
> broke... so far"
> sorry for picking up on that and nit-picking :)
Apology accepted. :)
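As an added example (not code from the microwatt project, from Paul or from the thread), the following script shows what the quick end of the "degrees of catastrophic breakage" process looks like in practice: two of the NIST SP 800-22 screening tests (monobit frequency and runs), applied to constructed bit streams rather than real RNG output. A SHA-256 counter stream stands in for a generator with no obvious structure; a stream with one bit of every byte stuck at 1 and a perfectly alternating 0101... stream model gross hardware faults. The optional file argument, the seed string, the source names and the 0.01 significance level are all assumptions for the example. Note that the alternating stream passes the monobit test exactly (it is perfectly balanced) and is only caught by the runs test, which is the reason batteries like dieharder run many tests rather than one.

```python
"""Quick statistical screening of raw RNG output (added example, not microwatt code).

Implements the NIST SP 800-22 monobit and runs tests and applies them to
three constructed byte streams. Passing says only "not broken so far";
failing is a cheap, certain rejection.
"""
import hashlib
import math
import sys


def bytes_to_bits(data: bytes) -> list:
    """Unpack bytes into a list of 0/1 values, most significant bit first."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def monobit_p_value(bits) -> float:
    """NIST SP 800-22 frequency (monobit) test: are ones and zeros balanced?"""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)          # +1 for each 1, -1 for each 0
    s_obs = abs(s) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(bits) -> float:
    """NIST SP 800-22 runs test: does the stream alternate too fast or too slowly?

    Returns 0.0 when the prerequisite frequency condition fails, as the NIST
    test specifies (the runs statistic is meaningless on a biased stream).
    """
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    # v = number of runs = 1 + number of positions where the bit value changes
    v = 1 + sum(1 for k in range(n - 1) if bits[k] != bits[k + 1])
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def screen(data: bytes, alpha: float = 0.01) -> dict:
    """Run both tests on a byte string; a p-value below alpha is a failure."""
    bits = bytes_to_bits(data)
    p_mono = monobit_p_value(bits)
    p_runs = runs_p_value(bits)
    return {
        "bits": len(bits),
        "monobit_p": p_mono,
        "runs_p": p_runs,
        "passed": p_mono >= alpha and p_runs >= alpha,
    }


def sha256_counter_stream(nbytes: int, seed: bytes = b"example-seed") -> bytes:
    """Deterministic stand-in for a well-behaved generator (constructed, not an RNG)."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])


def constructed_sources(nbytes: int = 4096) -> dict:
    """Three constructed streams: one plausible, two modelling hardware faults."""
    good = sha256_counter_stream(nbytes)
    return {
        "sha256-ctr": good,
        # bit 4 of every byte stuck at 1, as a stuck-at line on the output bus would give
        "stuck-bit": bytes(b | 0x10 for b in good),
        # perfectly alternating 0101...: balanced (monobit passes), but the
        # runs test catches the structure
        "alternating": bytes([0x55]) * nbytes,
    }


def main(argv) -> dict:
    """Screen a capture file given on the command line, else the constructed sources."""
    if len(argv) > 1:
        with open(argv[1], "rb") as f:        # assumed: a raw capture of RNG output
            sources = {argv[1]: f.read()}
    else:
        sources = constructed_sources()
    results = {name: screen(data) for name, data in sources.items()}
    for name, r in results.items():
        verdict = "ok so far" if r["passed"] else "FAIL"
        print(f"{name:12s} bits={r['bits']:6d} monobit p={r['monobit_p']:.4f} "
              f"runs p={r['runs_p']:.4f} -> {verdict}")
    return results


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to see the constructed streams, or give it a file of raw bytes captured from the generator under test. Two tests on a few kilobytes are a sanity check before spending days on dieharder, not a substitute for it, and neither measures entropy: a generator with a short period or a seeded DRBG can pass every test here.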