Why is the TRNG slow?

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Why is the TRNG slow?

1,824件の閲覧回数
chriscowdery
Contributor V

I am using the TRNG to generate 16 secure keys, each one is 16 bytes long.

Although the TRNG is working fine in the sense that it does generate random keys, it takes about 10 seconds to generate these keys!!

My code is based on the example for fsl_trng.

Init is like this:

void BOARD_ConfigTRNG(void)    // random number generator
{
    trng_config_t trngConfig;    
    status_t status;    
    TRNG_GetDefaultConfig(&trngConfig);
    /* Set sample mode of the TRNG ring oscillator to Von Neumann, for better random data.
     * It is optional.*/
    trngConfig.sampleMode = kTRNG_SampleModeVonNeumann;
    trngConfig.frequencyCountLimit.maximum = TRNG_MAX_FREQUENCY;

    /* Initialize TRNG */
    status = TRNG_Init(TRNG, &trngConfig);
    if( kStatus_Success != status )
    {    
        zprintf(CRITICAL_IMPORTANCE, "Failed to start random number generator\r\n");
    }
}

And my loop to generate keys is this:

    zprintf(MEDIUM_IMPORTANCE,"Generating security keys...\r\n");
    for (i=0; i<MAX_NUMBER_OF_DEVICES; i++)
    {
        TRNG_GetRandomData(TRNG, SecurityKeys[i], 16);
    }
    zprintf(MEDIUM_IMPORTANCE,"Key generation complete\r\n");

Should this take 10 seconds?, what is wrong?


Thanks,

Chris.

タグ(3)
3 返答(返信)

1,750件の閲覧回数
mjbcswitzerland
Specialist V

Hi Chris

From experience with the TRNG (on Kinetis parts) these long times are 'normal'. That is the price one pays for very high quality randomness....and also the reason why is is used to 'seed' further random numbers generation as opposes to generate further random numbers.

Regards

Mark

[uTasker project developer for Kinetis and i.MX RT]

1,750件の閲覧回数
chriscowdery
Contributor V

Aha, so what you are saying is that I run it once, and put the answer into srand().

Sounds logical - thanks!

Chris.

0 件の賞賛
返信

1,750件の閲覧回数
mjbcswitzerland
Specialist V

Chris

See also: https://community.nxp.com/message/1068168?commentID=1068168#comment-1068168 

Typically pseudo random number generators are used but these need to be seeded with high quality entropy to be secure. Therefore it is the seeding that is critical and where the TRNG is of great value. I give a simplified explanation of how the mbedTLS random number generator works at the link, whereby it is noted that it can be configured to re-seed itself or add additional entropy (I think OpenSSL may call this 'sand') at regular intervals and I would suggest that if the TRNG is running in the background and happens to have new values ready when random numbers are needed its value could be used directly or to re-seed the PRNG. Like this there are never delays (apart from first seed) and the highest quality random numbers can be ensured.

In any case I would look at how srand() works and see whether is allows you to feed in new entropy. For security work it makes sense to know exactly how you PRNG is working because it is the most critical component of such work and relying on a black box which later proves to be faulty or less that adequate may be fatal when high security levels need to be ensured.

Regards

Mark

[uTasker project developer for Kinetis and i.MX RT]