DakaRand 1.0: revisiting clock drift for entropy generation

In a recent post on his blog, security researcher Dan Kaminsky builds on the work of Matt Blaze and D.P. Mitchell’s TrueRand from 1996 while expanding on his Defcon 20 talk. In summary, any system with two clocks has a hardware random number generator. The clocks’ tolerances lead to jitter between them, producing noise in the system that cannot be modeled.

In his own words: “As announced at Defcon 20 / Black Hat, here’s DakaRand 1.0. Let me be the first to say, I don’t know that this works. Let me also be the first to say, I don’t know that it doesn’t. DakaRand is a collection of modes that tries to convert the difference between clocks into enough entropy that, whether or not it survives academic attack, would certainly force me (as an actual guy who breaks stuff) to go attack something else.”

If you’ve followed Dan’s past projects, you’ve got to figure he’s onto something here even if you don’t quite understand all the implications at first.

The slides from this talk at Defcon 20 / Black Hat can be viewed here. For a complete discussion of Dan’s project and to download DakaRand’s code, visit Dan Kaminsky’s Blog.
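To make the two-clock idea above concrete, here is an added sketch in the TrueRand style; it is not DakaRand's code and is not taken from Dan's post. The function names, the interval, the von Neumann debiasing step and the SHA-256 pool are all assumptions of this example.

```python
import hashlib
import time


def sample_drift(interval_ns=200_000):
    """Count busy-loop iterations (paced by the CPU) that fit into one
    interval of the monotonic timer; the count's low bit carries the jitter."""
    deadline = time.perf_counter_ns() + interval_ns
    count = 0
    while time.perf_counter_ns() < deadline:
        count += 1
    return count


def von_neumann(bits):
    """Debias by pairs: 01 -> 0, 10 -> 1, while 00 and 11 are discarded."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def gather(n_bits=128, interval_ns=200_000, max_samples=20_000):
    """Return a 32-byte SHA-256 digest fed by n_bits debiased drift bits."""
    pool = hashlib.sha256()
    bits = []
    for _ in range(max_samples // 2):
        pair = [sample_drift(interval_ns), sample_drift(interval_ns)]
        for count in pair:
            pool.update(count.to_bytes(8, "big"))  # keep the raw counts too
        bits += von_neumann([c & 1 for c in pair])
        if len(bits) >= n_bits:
            pool.update(bytes(bits))
            return pool.digest()
    # Failure mode: the low bit is stuck or heavily biased, so debiasing
    # throws almost everything away and the sample budget runs out.
    raise RuntimeError("too few usable bits; the two clocks look correlated")


if __name__ == "__main__":
    print(gather().hex())
```

The number of debiased bits collected is only a count of samples that survived the filter, not a measured entropy estimate, which is the same open question Dan raises about DakaRand itself.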

Join the Conversation

1 Comment

  1. I remember seeing something about using NTP (not OpenNTP) to seed entropy using the FLL/PLL structure in NTPD. I can’t remember where (maybe on the time-nuts reflector). But I think unless NTPD is disciplined solely from a local clock source (e.g., a Rubidium reference or VCOCXO, likely via PPS), then seeding from the drift/jitter violates the TNO (Trust No-One) tenet. The NTP stuff was done with FreeBSD which supports (working from memory) nanokernel timing. Interesting work from Blaze and Mitchell though; maybe some overlap. Wish I could cite links to what I’ve seen before (Whisky-Soaked Brain)…
