clean up and publish RNG, finally..

content/2021/05/nearly-complete-rng-guide.html → content/2022/02/nearly-complete-rng-guide.html

@@ -2,9 +2,8 @@
 title: Nearly Complete Guide to RNG on a microcontroller
 description: >
   How to initialize and run an RNG on an STM32L151CC microcontroller.
-created: !!timestamp '2021-05-18'
-listable: false
-time: 12:00 PM
+created: !!timestamp '2022-02-12'
+time: 11:50 AM
 tags:
   - security
   - rng
@@ -29,20 +28,23 @@ for="sn-drbg" class="margin-toggle sidenote-number"></label><input
 type="checkbox" id="sn-drbg" class="margin-toggle"/><span
 class="sidenote">[NIST](https://www.nist.gov/) also refers to a
 PRNG as a Deterministic Random Bit Generator (DRBG).</span>.  PRNGs
-take a seed, and can generate large, effectively unlimited when seeded
-properly, amounts of random looking data from them.  The issue is than
-if someone is able to obtain the seed, they will be able to predict
-the subsequent values, allowing breaking security.
+take a seed, and can generate large, effectively unlimited amounts of
+random data, when seeded properly.  The issue is than if someone is able
+to obtain the seed, they will be able to predict the subsequent values,
+allowing breaking security.
 
 The standard practice is to gather data from a TRNG, and use it to seed
-a PRNG.  It used to be common that the PRNG would be reseeded, but I
-agree w/ djb (D. J. Bernstein) that once seeded, no additional seeding
-is needed<label for="sn-entropy" class="margin-toggle sidenote-number"></label>
-<input type="checkbox" id="sn-entropy" class="margin-toggle"/>
-<span class="sidenote">See his blog post
+a PRNG.  It used to be common that the PRNG should more additional random
+data mixed in, but I agree w/ djb (D. J. Bernstein) that once seeded, no
+additional seeding is needed<label for="sn-entropy" class="margin-toggle
+sidenote-number"></label><input type="checkbox" id="sn-entropy"
+class="margin-toggle"/><span class="sidenote">See his blog post
 [Entropy Attacks!](https://blog.cr.yp.to/20140205-entropy.html)</span>
-as modern PRNGs are secure enough and can generate enough randomness
-that their state will not leak.
+as modern PRNGs are secure and can generate random data such that their
+state will not leak.<label for="sn-prng-secure" class="margin-toggle
+sidenote-number"></label><input type="checkbox" id="sn-prng-secure"
+class="margin-toggle"/><span class="sidenote">That is, taking it's output,
+that neither past nor future output can be predicted.</span>
 
 There are lots of libraries and papers that talk about how to solve the
 problem for RNGs on a microcontroller that may not have an integrated
@@ -134,8 +136,8 @@ adequate entropy, as discussed in the papers, and so this method should
 not be used in those cases, or not solely relied upon.
 
 The following is an `awk` script for calculating the min-entropy of the
-provided data.  Each sample must the first item on a line, and each sample
-must be a hexadecimal value w/o any leading `0x` or other leading
+provided data.  Each sample must be the first item on a line, and each
+sample must be a hexadecimal value w/o any leading `0x` or other leading
 identifier:
 <pre id="min-entropy-awk" class="language-awk fullwidth"><code># Copyright 2021 John-Mark Gurney
 # This script is licensed under the 2-clause BSD license
@@ -262,9 +264,9 @@ does require a little more work to have the code save to this region,
 rather than RAM, but the STM32 HAL layer has functions that make this
 easy.
 
-It would be great if where the PRNG seed could be in read-once,
+It would be great if the PRNG seed could be stored in read-once,
 write-once memory to ensure that it can be read, mixed in with any
-additional entropy, and the written out, but I do not know of any
+additional entropy, and then written out, but I do not know of any
 microcontroller that supports this feature.
 
 Part of this is is to ensure that the the state between the saved