Idea: use HWRNG indirectly #545

Open
szszszsz opened this issue May 1, 2021 · 1 comment
Contributor

szszszsz commented May 1, 2021

One of the Solokey reviewers recommends avoiding direct RNG use, and instead running its result as a seed through a secure random generator algorithm. The author has not listed the disadvantages of the current solution, unfortunately.
Idea to discuss.

Excerpt from:

One thing I noted security wise is that the SoloKeys code uses the TRNG in the MCU directly. I would have expected and recommended using the TRNG as a seed generator for something like a SP 800-90 secure random number generator. And using standardized key derivation algorithms.

Potentially connected:

Member

nickray commented May 1, 2021

For reference, this is what Trussed does (and solo2 uses) with the externally injected TRNG: https://github.com/trussed-dev/trussed/blob/main/src/service.rs#L561-L628
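
The recommendation quoted in this issue, as an added example (not code from this project, SoloKeys or Trussed): an SP 800-90A HMAC_DRBG that takes the hardware TRNG only as its seed and reseed source. The `trng` callable, the reseed interval and the stuck-at check are assumptions made for illustration; Python is used so the construction fits in one block.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC_DRBG with SHA-256 (NIST SP 800-90A Rev. 1, section 10.1.2)."""

    RESEED_INTERVAL = 1024  # assumption: far below the spec maximum of 2**48

    def __init__(self, trng, personalization=b""):
        # trng: hypothetical callable(n) -> n raw bytes from the MCU's hardware RNG
        self._trng = trng
        self._key = b"\x00" * 32
        self._v = b"\x01" * 32
        # 32 bytes of entropy plus a 16-byte nonce, both drawn from the TRNG
        self._update(self._entropy(48) + personalization)
        self._counter = 1

    def _entropy(self, n):
        raw = self._trng(n)
        # Minimal health check (assumption): a stuck-at source must never seed the DRBG
        if len(raw) != n or len(set(raw)) == 1:
            raise RuntimeError("TRNG failure")
        return raw

    def _hmac(self, key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data):
        self._key = self._hmac(self._key, self._v + b"\x00" + data)
        self._v = self._hmac(self._key, self._v)
        if data:
            self._key = self._hmac(self._key, self._v + b"\x01" + data)
            self._v = self._hmac(self._key, self._v)

    def reseed(self):
        self._update(self._entropy(32))
        self._counter = 1

    def generate(self, n):
        if self._counter > self.RESEED_INTERVAL:
            self.reseed()  # the spec reports "reseed required"; here it is done inline
        out = b""
        while len(out) < n:
            self._v = self._hmac(self._key, self._v)
            out += self._v
        self._update(b"")  # backtracking resistance: earlier outputs cannot be rederived
        self._counter += 1
        return out[:n]
```

On a host, `HmacDrbg(os.urandom).generate(32)` exercises it, with `os.urandom` standing in for the hardware TRNG. Callers only ever see DRBG output, so a bias or short-lived fault in the raw source is not exposed directly in keys or nonces.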
