OneRNG

Open Hardware Random Number Generator

OneRNG is a reliable and Open verifiable USB-connected hardware entropy source & random number generator.

On Trust and Distrust

Distrust is easy

We seem to be making a major claim that you need to place an unusual level of trust in your RNG or Entropy source, because it is a critical piece of infrastructure for your security and privacy.

Certainly in 2013 we discovered that the NSA at least had been involved in large-scale attacks against the use of cryptography, and in some cases in the very design of some of the crypto systems themselves. But does this mean that we should really be worried?

If your RNG has been compromised, attackers know how you create all of your "secret" keys, and know how to read all of your communications. The NSA paid RSA US$10 million in order to get them to use a compromised RNG by default in their BSAFE product, so we know that an unsafe RNG is worth real good hard cash to the right buyer. You don't have to believe me, you can read it all on the Wikipedia page. [citation needed]

But can you verify things?

Intel have built an RNG into their recent chips, referred to by the name of the CPU instruction that invokes it, RdRand. This is a well-designed subsystem, that promises to produce relatively large quantities of high-quality randomness. The promises it makes are so far in advance of the general OS state of the art of collecting limited hardware entropy, that several people have advocated for simply bypassing all the operating system's PRNG work, and just using Intel's RNG directly all the time.

And then the NSA documents leaked by Edward Snowden were released stating :

the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, [...] by working with chipmakers to insert back doors
and the obvious questions were raised - what if this referred to Intel, one of the world's largest chipmakers?

After all, even though Intel have shown us how RdRand works, there is no way to actually verify that the chips you have in your servers actually have that circuit, or whether it is actually being used by the CPU when you call for data, or that the software whitening stage is really being done the way you need.

And this is why the OneRNG strives to earn your trust by being verifiable. We have built a simple system that you can visually inspect, with components that can't be hiding any additional malicious software; and in any case, you can inject your own software instead if you prefer!

Is it plausible?

On the other side of the coin, would an attacker really gain significant value in the general case, by compromising your RNG? Your software can and should test the output of the RNG systems to detect this sort of thing. And there are huge numbers of potential attack points all over your system that will also compromise your secure communications; with the advantage that many of these other attacks have actually been seen in the wild, multiple times, and really do work.

This is summed up well by Adi Shamir's 2002 quote, "Cryptography is typically bypassed, not penetrated".

And the other part of the question - if your communications have been compromised, but that compromise is by an agency such as the NSA, should you really be concerned? Are they actually an entity that you should be defending against?

Imponderables

We don't have an answer to those questions for you, and in fact we can't, because it is your responsibility. All we have to do is to give you an extra option; the option to have an independent hardware entropy source that you can verify to a high standard, and ultimately to trust.

Creative Commons License, BY-SA The OneRNG.info website by Jim Cheetham is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Website copyright © 2019 Jim Cheetham, jim@inode.co.nz; Pictures copyright © 2014, 2015, 2016 Jim Cheetham and/or Paul Campbell; Icons copyright various; see website source on GitHub for details.