amuck-landowner

The Entropy Key!

Magiobiwan

Insert Witty Statement Here
Verified Provider
I was poking around Reddit and found a link to http://www.entropykey.co.uk/. Seems like an interesting little device. Anyone ever used/heard of it? If I had a server handling a ton of SSL stuff I'd probably get one for it, since it looks to be pretty darn interesting. 
 

willie

Active Member
Yeah it's made by a FOAF of mine.  It's a clever product and I doubt there are backdoors.  However it would be more useful if it had crypto functionality.  There's that much point to a pure external RNG device.
 

Magiobiwan

Insert Witty Statement Here
Verified Provider
From what it says on their website, it uses a method that seems pretty hard to back-door. Unless the NSA can control or predict electron tunneling, a back-door seems VERY unlikely.
 

Shados

Professional Snake Miner
From what it says on their website, it uses a method that seems pretty hard to back-door. Unless the NSA can control or predict electron tunneling, a back-door seems VERY unlikely.
Assuming their implementation is legit. Have you seen anyone actually audit it?

Without external audits, what's the benefit of this over just using the RDRAND instructions in >=Ivy Bridge CPUs?
 

willie

Active Member
Assuming their implementation is legit. Have you seen anyone actually audit it?

Without external audits, what's the benefit of this over just using the RDRAND instructions in >=Ivy Bridge CPUs?
I think the idea is that a govt agency looking to get backdoors added is more likely to target Intel (used by everyone) than some guy making those keys in his garage.  I suppose you could do some limited auditing by disconnecting the noise generator built into the key, and seeing if the output changes. 

I notice the order page says there's now a "very long waiting period" for entropy keys, which sounds to me like they're not making them any more.  You could use a smart card instead: the ones from basiccard.com appear to be very easy to program and use, and the fancier ones have hardware RNG's on chip.
 

drmike

100% Tier-1 Gogent
Manufacturer of those says:

Please note that there is a very long waiting period for Entropy Keys at the moment.
I've seen other similar RNG key devices.   Long been interested in them for other reasons and analyzing the impact of forces on RNG generation.

Price isn't too bad on this model £36.00  + VAT + shipping + who knows what for you Europeans.

Would like to see more of these from different companies --- with different takes on RNG generation.
 
Last edited by a moderator:

BuyCPanel-Kevin

New Member
Verified Provider
This is actually pretty cool, I had no idea applications depend on random numbers so much... But now that I think about it every major application i've ever programmed needed random numbers at one point or another.
 

drmike

100% Tier-1 Gogent
Out of curiosity I went shopping for competing products and geez, now I know why I didn't buy one previously.  Hundreds of dollars each.

EntropyKey is a relative bargain at this price.
 

willie

Active Member
Out of curiosity I went shopping for competing products and geez, now I know why I didn't buy one previously.  Hundreds of dollars each.

EntropyKey is a relative bargain at this price.
This is silly.  EntropyKey is reasonably priced given its low volume nature, but a serious product of this sort has a security barrier around the RNG and a crypto processor inside the barrier, so the raw random bits in a crypto protocol are never visible to the host computer (which is treated as insecure in this context). That type of product goes up into the kilobucks largely because of mumbo jumbo and certifications, but starts in the pennies (GSM sim cards have this functionality right on the chip).  If you really want an RNG on a USB port for some reason, the simplest way is a smart card using its internal RNG.  If you want something totally FOSS, you could program a Digispark ( http://digistump.com/products/1 ) or Trinket ( http://www.adafruit.com/products/1501 ) to collect randomness from an analog noise source on one of its A/D converter pins, and distill it with a hash function running in the microcontroller.  Maybe I'll code up something like that since people seem to want it.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
You build something willie and I'd buy one / use it.  Definitely a need out there for some folks.
 

Raymii

New Member
I've recently used a raspberry pi, USB webcam and a Lava lamp to make a basic PRNG via a json API. Works quite Nice, however, regarding the Navier Stokes equations, is a Lava lamp random enough?
 
Top
amuck-landowner