You can use SHA1 (or even MD5, really) for speed, since you don't have a plaintext vulnerability. Once you collect "entropy", you have to clean it up and divorce it from the input in a hard-to-reverse way. That makes it difficult to attack all 32 banks in a reasonable amount of time. Look into the Fortuna PRNG, which uses 32 banks, each one updated half as often as the one before it. This is why you want to keep some entropy around long-term, using EEPROM, SD, etc. You should not output numbers until you know it's safe to do so, even at the cost of speed.

Another common attack is simply unplugging the unit, thus dumping all the accumulated entropy. Same with blasting RFI towards the analogRead() inputs. If heating the board causes a certain max clock jitter, that's an attack vector.

You want to collect at least 8 samples of input for each chunk of output, ideally much more. `unsigned long bank` and then later `bank += thisSample` is good; it will roll over. It's easier to guess a coin flip than a bucket of coins. The last thing you want to do is spit out entropy as it comes along.
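A host-side model of the Fortuna-style accumulator the reply points to, written as an added example (it is not the commenter's code and not an Arduino sketch). It assumes 10-bit analogRead() values, which are constructed here from a fixed sequence rather than real noise so the example runs offline, and uses SHA-256 from hashlib as the hash in place of the SHA1/MD5 the comment suggests. In Fortuna proper, incoming samples are dealt round-robin across the 32 pools and pool i is drained into the key only on every 2^i-th reseed, so the high pools accumulate for a very long time before they are ever used; the threshold of 8 raw samples in pool 0 before a reseed is an assumed value standing in for the comment's "at least 8 samples per chunk of output" (the Fortuna paper uses a byte count). Each pool is a running hash rather than an additive bank, output is refused until the first reseed, the key is ratcheted after every request, and a seed blob can be saved and restored to survive a power cycle.

```python
"""Fortuna-style entropy accumulator for noisy ADC samples (added example, not the post's code)."""
import hashlib
import struct

NUM_POOLS = 32          # Fortuna's 32 pools ("banks" in the comment)
MIN_POOL0_SAMPLES = 8   # assumed: pool 0 needs >= 8 raw samples before a reseed is allowed


class FortunaAccumulator:
    def __init__(self):
        # One running SHA-256 per pool plus a count of raw samples fed into it.
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.pool_samples = [0] * NUM_POOLS
        self.next_pool = 0
        self.reseed_count = 0
        self.key = None          # stays None until the first reseed: no output before that
        self.block_counter = 0

    def add_sample(self, source_id, sample):
        """Feed one raw sample (e.g. an analogRead() value) into the next pool, round-robin.

        Spreading samples over all 32 pools means an attacker skewing one pin
        still has to control what lands in every pool, not just the next output.
        """
        # Tag with the source so identical readings from different pins hash differently.
        self.pools[self.next_pool].update(struct.pack("<BH", source_id & 0xFF, sample & 0xFFFF))
        self.pool_samples[self.next_pool] += 1
        self.next_pool = (self.next_pool + 1) % NUM_POOLS

    def reseed_ready(self):
        """Pool 0 gates reseeding; with round-robin filling, 8 samples here means 256 overall."""
        return self.pool_samples[0] >= MIN_POOL0_SAMPLES

    def reseed(self):
        """Fold pools into the key.  Pool i is used only on every 2**i-th reseed,
        so pool 31 keeps accumulating for 2**31 reseeds before it is ever touched."""
        if not self.reseed_ready():
            raise RuntimeError("not enough entropy in pool 0 to reseed")
        self.reseed_count += 1
        h = hashlib.sha256(self.key or b"")
        for i in range(NUM_POOLS):
            if self.reseed_count % (1 << i) != 0:
                break                              # no higher power of two divides it either
            h.update(self.pools[i].digest())
            self.pools[i] = hashlib.sha256()       # drain the pool
            self.pool_samples[i] = 0
        self.key = h.digest()
        return self.reseed_count

    def random_bytes(self, n):
        """Return n output bytes; refuses to run before the first reseed."""
        if self.key is None:
            raise RuntimeError("generator not seeded yet: keep collecting samples")
        out = bytearray()
        while len(out) < n:
            out += hashlib.sha256(self.key + struct.pack("<Q", self.block_counter)).digest()
            self.block_counter += 1
        # Ratchet the key after each request so a later RAM dump does not reveal
        # bytes already handed out (Fortuna's rekey step, hash-based here).
        self.key = hashlib.sha256(self.key + b"rekey").digest()
        return bytes(out[:n])

    def seed_file(self):
        """32 bytes to persist in EEPROM/SD so an unplug does not zero the accumulated state."""
        return self.random_bytes(32)

    def load_seed_file(self, blob):
        """Restore persisted state at boot; the real design rewrites the file right after this."""
        if len(blob) != 32:
            raise ValueError("bad seed file length")
        self.key = hashlib.sha256(b"seed-file" + (self.key or b"") + blob).digest()


def constructed_adc_samples(n, seed=12345):
    """Deterministic stand-in for analogRead() jitter.  Constructed, NOT real entropy;
    it only exists so the example runs offline and reproducibly."""
    x = seed
    for _ in range(n):
        x = (x * 1103515245 + 12345) & 0x7FFFFFFF
        yield (x >> 16) & 0x3FF                    # 10-bit ADC value


def demo(total_samples=512):
    """Collect samples from two pretend analog pins, reseeding whenever pool 0 is full."""
    acc = FortunaAccumulator()
    for i, s in enumerate(constructed_adc_samples(total_samples)):
        acc.add_sample(source_id=i % 2, sample=s)
        if acc.reseed_ready():
            acc.reseed()
    return acc


if __name__ == "__main__":
    acc = demo()
    print("reseeds:", acc.reseed_count, "first output:", acc.random_bytes(16).hex())
```

With 512 constructed samples the accumulator reseeds twice (after samples 224 and 480, since pool 0 only sees every 32nd sample), and any call to `random_bytes()` before the first reseed raises rather than leaking partially mixed input.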