Once you collect "entropy", you have to clean it up and divorce it from the input in a hard-to-reverse way. That makes it difficult to attack all 32 banks in a reasonable amount of time. Look into the Fortuna PRNG, which uses 32 banks, each one updated half as often as the one before it. This is why you want to keep some entropy around long-term, using EEPROM, SD, etc. You should not output numbers until you know it's safe to do so, even at the cost of speed. Another common attack simply unplugging the unit thus dumping all the accumulated entropy. Same with blasting RFI towards the analogRead() inputs. If heating the board causes a certain max clock jitter, that's an attack vector. You want to collect at least 8 samples of input for each chunk of output, ideally much more.
unsigned long bank then later bank+= thisSample is good it will roll-over. It's easier to guess a coin flip than a bucket of coins. The last thing you want to do is spit out entropy as is comes along.
#RANDOM ARDUINO SOFTWARE#
I'm not a cryptographer, but I've spent thousands of hours researching and building hardware and software random generators, so let me share some of what I've learned: For max security, you need both unpredictable input and non-deterministic mixing. For example, taking 100 analog reads from 4 ADCs, summing them all, and feeding that to randomSeed would be much better. You are on the right track however, it's just a numbers game, and you need a LOT more of them. RandomSeed(analogRead(x)) will only produce 255 sequences of numbers, which makes it trivial to try all combos and produce an oracle that can couple to your output stream, predicting all the output 100%.
0 kommentar(er)
