• Can be fully scanned in 8 hours • Became a security issue - deprecated since OTP 19 (June 2016) Kenji Rikitake / Builderscon Tokyo 2018 7-SEP-2018 11
~0.62 bits/sec • A dormant Linux server without attached keyboard • /proc/sys/kernel/random/entropy_avail • Bits of entropy (= randomness) in the system • 258 bits / 415.6 seconds (~7 minutes)
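The slide's ~0.62 bits/sec figure comes from watching entropy_avail grow on an idle machine. The script below is an added example, not the speaker's code: it polls the file and fits a least-squares slope so that short-term drops (the counter also falls whenever the kernel hands entropy out) do not distort the estimate. It assumes a Linux host where the file is readable; the sample pairs used for checking are constructed from the slide's 258 bits / 415.6 s numbers. On recent kernels (5.18 and later, to my knowledge) the file reports a fixed 256 once the pool is initialized, so this measurement is only informative on older kernels like the one the 2018 slide was made on.

```python
import time
from typing import List, Optional, Tuple

# Path from the slide; assumption: Linux host, file readable in this context.
ENTROPY_AVAIL_PATH = "/proc/sys/kernel/random/entropy_avail"


def read_entropy_avail(path: str = ENTROPY_AVAIL_PATH) -> Optional[int]:
    """Return the kernel's current entropy estimate in bits, or None when the
    file is unavailable (non-Linux host, restricted container, bad content)."""
    try:
        with open(path, "r", encoding="ascii") as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def entropy_rate_bits_per_sec(samples: List[Tuple[float, int]]) -> float:
    """Least-squares slope of entropy_avail over time, in bits per second.

    samples: (seconds since start, entropy_avail) pairs, at least two.
    A slope fit is used rather than last-minus-first because the counter
    is not monotonic: reads of the pool lower it between our samples.
    """
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_e = sum(e for _, e in samples) / n
    sxy = sum((t - mean_t) * (e - mean_e) for t, e in samples)
    sxx = sum((t - mean_t) ** 2 for t, _ in samples)
    if sxx == 0:
        raise ValueError("all samples share the same timestamp")
    return sxy / sxx


def collect_samples(count: int, interval_sec: float) -> List[Tuple[float, int]]:
    """Poll entropy_avail `count` times, `interval_sec` apart.
    Stops early (returning what it has) if the file cannot be read."""
    start = time.monotonic()
    out: List[Tuple[float, int]] = []
    for i in range(count):
        if i:
            time.sleep(interval_sec)
        value = read_entropy_avail()
        if value is None:
            break
        out.append((time.monotonic() - start, value))
    return out


if __name__ == "__main__":
    # A minute of polling is enough to see whether the pool is growing at all.
    polled = collect_samples(count=12, interval_sec=5.0)
    if len(polled) >= 2:
        rate = entropy_rate_bits_per_sec(polled)
        print(f"{rate:.3f} bits/sec over {polled[-1][0]:.0f} s "
              f"(start {polled[0][1]} bits, end {polled[-1][1]} bits)")
    else:
        print("entropy_avail not readable on this host")
```

A negative or near-zero slope on an old kernel means consumers are draining the pool as fast as it fills, which is exactly the situation in which a hardware generator (later slides) pays off.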
Faire Tokyo 2016 This implementation works as a die, generating numbers from 1 to 6 • Generating ~10 kbytes/sec
used in the whitening • Whitening is implemented in the driver or the post-processing software • A processing step that applies a cryptographic hash function to make the output values uniform (whitening) is required
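The whitening step the slide describes, as an added example that is not the speaker's code: raw noise-source bytes (here a constructed, seeded model of a source whose bits are 1 with probability 0.75) are hashed block by block with SHA-256, compressing 64 raw bytes into 32 output bytes so that the output does not claim more entropy than the biased input carries. It also shows the caveat that matters in practice: whitening hides bias and hides a dead source equally well, so a health test has to run on the raw bytes before the hash, not after. The repetition-run check below is a simple test in the spirit of the SP 800-90B repetition count test; the cutoff of 16 is an assumption chosen for this model source.

```python
import hashlib
import random


def make_biased_source(n_bytes: int, p_one: float, seed: int) -> bytes:
    """Constructed stand-in for a raw noise source: each bit is 1 with
    probability p_one. A real source is biased and drifts; this is a model."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n_bytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def ones_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for unbiased output."""
    if not data:
        raise ValueError("empty input")
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def whiten(raw: bytes, block_in: int = 64, out_len: int = 32) -> bytes:
    """Hash-based whitening: every block_in raw bytes become out_len output
    bytes via SHA-256. With block_in > out_len the output is shorter than
    the input; the ratio must be chosen so each raw block carries at least
    out_len * 8 bits of entropy (source assessment, not the hash, decides)."""
    if out_len > hashlib.sha256().digest_size or out_len <= 0:
        raise ValueError("out_len must be between 1 and 32")
    if block_in < out_len:
        raise ValueError("whitening must compress, not expand")
    out = bytearray()
    for i in range(0, len(raw) - block_in + 1, block_in):
        out += hashlib.sha256(raw[i:i + block_in]).digest()[:out_len]
    return bytes(out)


def max_repetition_run(raw: bytes) -> int:
    """Longest run of identical consecutive raw bytes. A stuck or
    disconnected source produces very long runs; a live one does not."""
    best = run = 0
    prev = None
    for b in raw:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def raw_health_ok(raw: bytes, cutoff: int = 16) -> bool:
    """Health test on RAW bytes, before whitening. Must be applied to the
    pre-hash data: after SHA-256 a dead source looks perfectly uniform."""
    return len(raw) > 0 and max_repetition_run(raw) < cutoff


if __name__ == "__main__":
    live = make_biased_source(4096, p_one=0.75, seed=1)
    dead = bytes(4096)  # constructed: a source stuck at 0x00
    for name, raw in (("biased live source", live), ("stuck source", dead)):
        print(f"{name}: raw ones={ones_fraction(raw):.3f} "
              f"whitened ones={ones_fraction(whiten(raw)):.3f} "
              f"raw health ok={raw_health_ok(raw)}")
```

The printed lines make the point of the slide and its caveat: the live source shows a ones fraction near 0.75 raw and near 0.5 after whitening, while the stuck source also shows near 0.5 after whitening and is only caught by the raw health test.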
~10 kbytes/sec, more than sufficient for an active server • If you generate a lot of keys/passwords, consider a dedicated generator of Mbps or Gbps class (they exist but are expensive)
physical random number generator is essential for secure operation • Do not invent your own methods • Getting good randomness is hard