DakaRand 1.0: revisiting clock drift for entropy generation

Posted on Wednesday, September 5th, 2012 in code, open source, security by the machinegeek

In a recent post on his blog, security researcher Dan Kaminsky builds on Matt Blaze and D.P. Mitchell’s TrueRand from 1996 while expanding on his Defcon 20 talk. In summary: any system with two clocks has a hardware random number generator. Because the two clocks are built to tolerances rather than locked to each other, their relative rate drifts and jitters, and that jitter is noise the system cannot model or predict.
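To make the two-clock idea concrete, here is a small TrueRand-style sampler written for this post; it is an added example, not DakaRand’s own code, and the function names (`sample_jitter`, `most_common_value_entropy`, `whiten`, `generate_seed`) and the 1 ms window are assumptions of the example. Clock A is the monotonic timer, clock B is the CPU running a busy loop; the number of loop iterations that fit in each timer window drifts from window to window, and those counts are the raw noise. The example also adds the check a defender would want before trusting such a source: a conservative min-entropy estimate on the low bits (a naive most-common-value estimate in the spirit of NIST SP 800-90B) that refuses to emit a seed when the estimate is too low.

```python
import hashlib
import math
import time
from collections import Counter


def sample_jitter(n_samples: int, window_ns: int = 1_000_000) -> list:
    """Return n_samples busy-loop counts, one per timer window.

    Clock A: time.perf_counter_ns(). Clock B: the CPU executing this loop.
    The count of iterations that fit into one window of clock A is the
    raw sample; its low bits move with the drift between the two clocks.
    """
    counts = []
    for _ in range(n_samples):
        start = time.perf_counter_ns()
        count = 0
        while time.perf_counter_ns() - start < window_ns:
            count += 1
        counts.append(count)
    return counts


def most_common_value_entropy(samples, mask: int = 0xF) -> float:
    """Conservative min-entropy estimate, in bits per sample, of the low bits.

    The high bits of a loop count mostly encode how fast the machine is,
    not jitter, so only the bits selected by mask are assessed. Returns
    -log2(p_max), where p_max is the relative frequency of the most common
    masked value. This is a naive most-common-value estimate in the style
    of NIST SP 800-90B: a sanity check, not a proof of randomness.
    """
    masked = [s & mask for s in samples]
    p_max = Counter(masked).most_common(1)[0][1] / len(masked)
    return -math.log2(p_max)


def whiten(samples) -> bytes:
    """Condition the raw counts into a 32-byte seed with SHA-256.

    Hashing cannot add entropy; it only spreads whatever entropy the raw
    counts carry across the output. Feeding every full count is harmless
    even if most of its bits turn out to be predictable.
    """
    h = hashlib.sha256()
    for s in samples:
        h.update(int(s).to_bytes(8, "little"))
    return h.digest()


def generate_seed(n_samples: int = 256, required_bits: int = 256) -> bytes:
    """Sample, estimate, and refuse to emit a seed that looks too weak.

    The estimate is per sample, so the total credited entropy is
    estimate * n_samples; if that falls below required_bits the caller
    gets an exception instead of a seed that merely looks random.
    """
    samples = sample_jitter(n_samples)
    est_bits = most_common_value_entropy(samples)
    if est_bits * n_samples < required_bits:
        raise RuntimeError(
            f"estimated {est_bits:.2f} bits/sample over {n_samples} samples "
            f"is below the {required_bits} bits requested"
        )
    return whiten(samples)


if __name__ == "__main__":
    raw = sample_jitter(32)
    print("first raw counts:", raw[:8])
    print("low-nibble min-entropy estimate (bits/sample):",
          round(most_common_value_entropy(raw), 2))
    print("seed:", generate_seed().hex())
```

Run it twice on the same machine and the raw counts differ in their low bits while the high bits stay roughly constant, which is exactly why only the low bits are assessed. The estimator is deliberately pessimistic and is fed only a few hundred samples; it will flag an obviously broken source (a virtualised or coarse clock that yields the same count every window) but cannot certify a good one, which is the same caveat Kaminsky attaches to DakaRand itself.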

In his own words: “As announced at Defcon 20 / Black Hat, here’s DakaRand 1.0. Let me be the first to say, I don’t know that this works. Let me also be the first to say, I don’t know that it doesn’t. DakaRand is a collection of modes that tries to convert the difference between clocks into enough entropy that, whether or not it survives academic attack, would certainly force me (as an actual guy who breaks stuff) to go attack something else.”

If you’ve followed Dan’s past projects, you’ve got to figure he’s onto something here even if you don’t quite understand all the implications at first.

The slides from this talk at Defcon 20 / Black Hat can be viewed here. For a complete discussion of Dan’s project and to download DakaRand’s code, visit Dan Kaminsky’s Blog.

This entry was posted on Wednesday, September 5th, 2012 at 12:01 am and is filed under code, open source, security.

One Response to “DakaRand 1.0: revisiting clock drift for entropy generation”

  1. Drone says:

    I remember seeing something about using NTP (not OpenNTP) to seed entropy using the FLL/PLL structure in NTPD. I can’t remember where (maybe on the time-nuts reflector). But I think unless NTPD is disciplined solely from a local clock source (e.g., a Rubidium reference or VCOCXO, likely via PPS), then seeding from the drift/jitter violates the TNO (Trust No-One) tenet. The NTP stuff was done with FreeBSD which supports (working from memory) nanokernel timing. Interesting work from Blaze and Mitchell though; maybe some overlap. Wish I could cite links to what I’ve seen before (Whisky-Soaked Brain)…
