User manual VIA C5P WHITE PAPER

[. . . ] VIA C5P Security Application Note Version 0. 98 This is Version 0. 98 of the VIA C5P Security Application Note. © 2003 VIA Technologies, Inc. All Rights Reserved. VIA Technologies and Centaur Technology reserve the right to make changes in its products without notice in order to improve design or performance characteristics. This publication neither states nor implies any representations or warranties of any kind, including but not limited to any implied warranty of merchantability or fitness for a particular purpose. No license, express or implied, to any intellectual property rights is granted by this document. [. . . ] While the VIA C3 Nehemiah processor RNG provides 16 17 (In choosing an example, I couldn't resist this name. ) See Menezes et. Department of Commerce/NIST, 1995 VIA C5P Security Application Note - 14 both high performance and high quality output, users may choose to use it in conjunction with software based algorithms. Physical Sources In terms of randomness characteristics, entropy generators based on physical phenomena fall in between software generators and quantum based hardware generators. The idea here is to sample some random(?) physical process and assume the samples are truly random. Unfortunately, computers and software tend to be very predictable, so designers must be very careful to ensure that they collect good entropy. For example, a widely used PC encryption program derives its keys from several seconds of mouse movements and keystroke timing (directed by the program). The Linux operating system has random number generators (/dev/random and /dev/urandom) that use entropy generated by the keyboard, mouse, interrupts, and disk drive behavior as the seed. Microsoft's CryptGenRandom function (part of the Microsoft CryptoAPI) is similar. It uses, for instance, mouse or keyboard timing input, that are then added to both the stored seed and various system data and user data such as the process ID and thread ID, the system clock, the system time, the system counter, memory status, free disk clusters, the hashed user environment block, as the seed. Many other similar environmental sources of randomness have been tried. While these physical activities may look random, their randomness cannot be proven, and they run the risk of generating poor entropy (or no entropy) if the sampled physical activity is dormant or repetitive. There are several potential security vulnerabilities when using such physical activities. For example, in networked applications such as browsers, the application traffic between a client and server effectively publishes the locations and sequence of the client's mouse-events. Similarly, users may enable "snap-to" options that center the mouse pointer in the center of the button to be pressed and make the click locations predictable. As a result, the entropy from mouse movements in these environments could be far less than an RNG designer expected. Similarly, asking the user to create entropy using the keyboard creates bias since humans tend to follow certain patterns in typing (such as a tendency to use the center of the keyboard). In summary, it is dangerous to use the entropy values directly as random numbers. Instead, the entropy values are usually used as the seed to a good hash algorithm to produce the final random numbers. (In the Microsoft CryptoAPI and Linux examples, a SHA-1 algorithm is applied to the entropy seeds). Other common problems with entropy generators on computers are that they require hooks in the operating system, they are difficult to test, they often require some user involvement, and they are slow (since they are based on macro physical events). An unusual example of a physically-based random source is available through www. random. org, which continually provides generated random numbers using atmospheric noise (sampled as radio frequency noise). The rate varies, but this generator typically produces about 40, 000 bits per second. [. . . ] No ACE failures have been observed in production steppings of the VIA C5P. Cryptography Research, Inc. , has recently completed a (brief) security evaluation of the Advanced Cryptography Engine. A copy of the report is available at: www. somesite. org From their summary: "Marketing quote from CRI" Customers interested in testing the ACE for themselves should obtain a copy of the VIA C5P Advanced Cryptography Engine Programmers Guide for programming details. They may also request (please refer to the Programmers Guide for contact information) a copy of our test package. [. . . ]