From 9850ebbe5a0008e0652be4d2c89512d1fe80b2a8 Mon Sep 17 00:00:00 2001 From: John-Mark Gurney Date: Sat, 12 Feb 2022 11:50:33 -0800 Subject: [PATCH] clean up and publish RNG, finally.. --- .../02}/nearly-complete-rng-guide.html | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) rename content/{2021/05 => 2022/02}/nearly-complete-rng-guide.html (91%) diff --git a/content/2021/05/nearly-complete-rng-guide.html b/content/2022/02/nearly-complete-rng-guide.html similarity index 91% rename from content/2021/05/nearly-complete-rng-guide.html rename to content/2022/02/nearly-complete-rng-guide.html index e7a5ac5..254d188 100644 --- a/content/2021/05/nearly-complete-rng-guide.html +++ b/content/2022/02/nearly-complete-rng-guide.html @@ -2,9 +2,8 @@ title: Nearly Complete Guide to RNG on a microcontroller description: > How to initialize and run an RNG on an STM32L151CC microcontroller. -created: !!timestamp '2021-05-18' -listable: false -time: 12:00 PM +created: !!timestamp '2022-02-12' +time: 11:50 AM tags: - security - rng 
@@ -29,20 +28,23 @@ for="sn-drbg" class="margin-toggle sidenote-number">[NIST](https://www.nist.gov/) also refers to a PRNG as a Deterministic Random Bit Generator (DRBG).. PRNGs -take a seed, and can generate large, effectively unlimited when seeded -properly, amounts of random looking data from them. The issue is than -if someone is able to obtain the seed, they will be able to predict -the subsequent values, allowing breaking security. +take a seed, and can generate large, effectively unlimited amounts of +random data, when seeded properly. The issue is than if someone is able +to obtain the seed, they will be able to predict the subsequent values, +allowing breaking security. The standard practice is to gather data from a TRNG, and use it to seed -a PRNG. It used to be common that the PRNG would be reseeded, but I -agree w/ djb (D. J. Bernstein) that once seeded, no additional seeding -is needed - -See his blog post +a PRNG. It used to be common that the PRNG should more additional random +data mixed in, but I agree w/ djb (D. J. Bernstein) that once seeded, no +additional seeding is neededSee his blog post [Entropy Attacks!](https://blog.cr.yp.to/20140205-entropy.html) -as modern PRNGs are secure enough and can generate enough randomness -that their state will not leak. +as modern PRNGs are secure and can generate random data such that their +state will not leak.That is, taking it's output, +that neither past nor future output can be predicted. There are lots of libraries and papers that talk about how to solve the problem for RNGs on a microcontroller that may not have an integrated 
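Review bot: the rewritten sentence in this hunk keeps the typo from the lines it replaces, "The issue is than if someone is able to obtain the seed" should read "is that if someone"; since the line is already being touched, fix it here. Two further slips in the added lines: "It used to be common that the PRNG should more additional random data mixed in" is missing a verb (for example "should have more random data mixed in"), and the new sidenote "taking it's output" should be "its". That sidenote also reads as a fragment ("That is, taking it's output, that neither past nor future output can be predicted"); consider "That is, given its output, neither past nor future output can be predicted." Finally, "is neededSee his blog post" and "state will not leak.That is" run together in the diff as shown; if a sidenote label element is meant to sit between them, confirm the rendered page has it, otherwise a space is missing.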
@@ -134,8 +136,8 @@ adequate entropy, as discussed in the papers, and so this method should not be used in those cases, or not solely relied upon. The following is an `awk` script for calculating the min-entropy of the -provided data. Each sample must the first item on a line, and each sample -must be a hexadecimal value w/o any leading `0x` or other leading +provided data. Each sample must be the first item on a line, and each +sample must be a hexadecimal value w/o any leading `0x` or other leading identifier:
# Copyright 2021 John-Mark Gurney
 # This script is licensed under the 2-clause BSD license
@@ -262,9 +264,9 @@ does require a little more work to have the code save to this region,
 rather than RAM, but the STM32 HAL layer has functions that make this
 easy.
 
-It would be great if where the PRNG seed could be in read-once,
+It would be great if the PRNG seed could be stored in read-once,
 write-once memory to ensure that it can be read, mixed in with any
-additional entropy, and the written out, but I do not know of any
+additional entropy, and then written out, but I do not know of any
 microcontroller that supports this feature.
 
 Part of this is is to ensure that the the state between the saved
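Review bot: the context line directly after this hunk's change, "Part of this is is to ensure that the the state between the saved", still carries the doubled words "is is" and "the the"; since this commit is the clean-up pass and already edits the surrounding paragraph, extend the hunk by one line and fix both. The rewritten sentence itself now reads correctly ("stored in read-once, write-once memory ... and then written out").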