zephyriot / zep-jira14

0 stars 0 forks source link

entropy subsystem #1192

Open nashif opened 8 years ago

nashif commented 8 years ago

Reported by Inaky Perez-Gonzalez:

As a developer, I need a consistent way to generate crypto-grade entropy that can be used to seed pseudo-random-number-generators for crypto, secure storage and hashing.

The subsystem shall support:

The current subsystem implementation (drivers/random) is not sufficient as it allows only a single source of entropy to be used. More solid entropy could be achieved by adding push points, reinforced with HW generated one.

(Imported from Jira ZEP-1314)

nashif commented 7 years ago

by Leandro Pereira:

Took a stab at implementing this. It's currently in code review.

https://github.com/zephyrproject-rtos/zephyr/pull/742

nashif commented 7 years ago

by Ruud Derwig:

A security researcher signaled the lack of a good OS built-in solution for random numbers as well. He looked at several embedded OSes. A good summary of his findings was presented at CCC: https://media.ccc.de/v/33c3-7949-wheel_of_fortune Main issues with small embedded systems are the lack of good entropy sources (the main source of entropy in GP OS CSPRNGS is human interaction (and device complexity), often lacking in small, deeply embedded systems), and PRNGs that are not lightweight. I'll invite him to review and contribute - as part part of his research he developed a solution matching his criteria.

nashif commented 7 years ago

Related to GH-1191