[Gnuk-users] Security of NeuG?

Jonathan Schleifer js-gnuk-users at webkeks.org
Mon Feb 16 09:17:58 UTC 2015


On 16.02.2015 at 03:24, NIIBE Yutaka <gniibe at fsij.org> wrote:

> On 02/16/2015 12:30 AM, Jonathan Schleifer wrote:
>> Thus I'm wondering: Is NeuG "secure enough" for long term keys?
> 
> I think that a standard practice would be mixing multiple entropy
> sources (if available), even if one (or many) of sources is/are not
> trusted.  I'd rather recommend not to stop your HAVEGED.

I didn't want to run HAVEGED and rngd, as I feared that the two would have a race which HAVEGED might win, resulting in never getting randomness from NeuG (both only add randomness if they think there isn't enough).

> For NeuG, I believe that the implementation and its principle are
> secure enough.
> 
> Its principle is that: The source of entropy is by the sampling of ADC
> itself.  I know that most engineers care about the source of signals
> much and tend to prefer some (exotic) sources like Zener diode, radio
> wave, photon, or nuclear thing, but in the principle of NeuG, it
> doesn't matter, provided it's not controllable by anyone.

Is simply sampling the ADC enough? I mean, won't there be some patterns in the noise? Are there some checks to see that you don't get e.g. zeros constantly?

--
Jonathan
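
The kind of check asked about above (output stuck at zero, or one value dominating) is commonly done with the repetition count and adaptive proportion tests described in NIST SP 800-90B. The sketch below is an added example, not part of the original message and not NeuG's code; the struct, the function names and the cutoffs 21, 512 and 311 are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Running state for two continuous health tests on 8-bit raw samples. */
struct health {
    unsigned rct_cutoff, apt_window, apt_cutoff; /* assumed tuning values */
    uint8_t rct_last, apt_first;
    unsigned rct_run, apt_count, apt_seen;
};

/* Feed one raw sample: 0 = ok, 1 = repetition count failure (stuck value),
   2 = adaptive proportion failure (one value far too frequent in a window). */
int health_feed(struct health *h, uint8_t s)
{
    if (h->rct_run > 0 && s == h->rct_last) {
        if (++h->rct_run >= h->rct_cutoff)
            return 1;
    } else {
        h->rct_last = s;
        h->rct_run = 1;
    }
    if (h->apt_seen == 0) {            /* first sample of a new window */
        h->apt_first = s;
        h->apt_count = h->apt_seen = 1;
        return 0;
    }
    if (s == h->apt_first && ++h->apt_count >= h->apt_cutoff)
        return 2;
    if (++h->apt_seen >= h->apt_window)
        h->apt_seen = 0;               /* window complete, start another */
    return 0;
}

/* Run both tests over a buffer; returns the first failure code, or 0. */
int health_scan(const uint8_t *buf, size_t n, unsigned rct, unsigned win, unsigned apt)
{
    struct health h = { rct, win, apt, 0, 0, 0, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        int r = health_feed(&h, buf[i]);
        if (r) return r;
    }
    return 0;
}

int main(void)
{
    uint8_t stuck[64] = { 0 };  /* constructed input; 21, 512, 311 are assumed cutoffs */
    printf("stuck-at-zero -> %d\n", health_scan(stuck, 64, 21, 512, 311));
}
```

Tests of this kind only flag gross failures: a counter-like sequence with no repeated neighbours passes both, so they complement rather than replace conditioning and mixing of several sources.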

