Author Topic: RNG using MCU internal temp. sensor - behaviour of ATmega328P vs. ATmega32M1  (Read 4221 times)


Offline iMo

  • Super Contributor
  • ***
  • Posts: 5749
  • Country: li
He/she may try to create a temperature gradient by heating up the chip shortly, and then generate the bits during the cool down.
Like (for example a 300ohm resistor against Vcc on pinX):
1. cold/reset
2. in a loop make 100000x
3. set pinX low for 1us (or something like that)
4. set pinX high for 1us (or something like that)
5. end loop
6. make random bits
 >:D
PS: you may try with capacitor, instead of the resistor. The heat generates mostly during 0/1 and 1/0 transitions.
« Last Edit: October 24, 2019, 05:06:37 pm by imo »
Readers discretion is advised..
 

Online cv007

  • Frequent Contributor
  • **
  • Posts: 892
>Debatable? Most SRAMs power up to a highly repeatable pattern.

Yes, but not exactly the same every time. There are enough bits that are not repeatable, and you just have to decide how many bytes to look at to get what you need (I just xor through the chosen set of bytes on the top of stack). Since power up happens relatively infrequently, it would take quite a while to discern any pattern or even figure out you had less random than the 16bits you intended to have. If you power up a thousand times and each time gets you a different number, that is probably random enough and you cannot get more random (for a seed number). Power up a million times and you may find a pattern. Reset a thousand times, and your stack is going to be different every time, so your seed will be also. Once you have the seed, now you are back to the known random (rand/lfsr/whatever), where you no longer have to worry about it as you are now getting one of each in some order.

Eventually TRNG's will be on most micros, and we will have no more need to discuss random.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 16372
  • Country: fr
>Debatable? Most SRAMs power up to a highly repeatable pattern.

>Yes, but not exactly the same every time. There are enough bits that are not repeatable, (...)

Yep. This was clearly a debatable topic. ;D

There will also be a difference depending on how long the IC has stayed unpowered. So that's not something very easy/robust to rely on.
 

Offline coppice

  • Super Contributor
  • ***
  • Posts: 10289
  • Country: gb
>Eventually TRNG's will be on most micros, and we will have no more need to discuss random.
That is by no means certain, as companies don't want the potential liabilities associated with their TRNG proving to be less random than expected. Also, no TRNG is truly random. There is always bias, so the debate will never go away. People will always be looking for better randomness.
 

Online cv007

  • Frequent Contributor
  • **
  • Posts: 892
>People will always be looking for better randomness.

Then I guess we need a Quad-Core TRNG peripheral.

>There will also be a difference depending on how long the IC has stayed unpowered. So that's not something very easy/robust to rely on.

Well, in that case it will be retaining its last state to a certain point, which is quite random as it is the stack. Power down for an amount of time that gets it to be itself again and you now are back to your startup random bits. Power up, changing stack, whatever- all good.

Maybe I'm misunderstanding- I'm assuming only a seed is wanted so some other 'random' generator like an lfsr can appear less predictable. I'm not sure I would want to be testing my (as in me) random theories when an lfsr is a known thing that suits many purposes. I'm quite sure if I started to use an adc, I would surely get something wrong and end up with something worse than an lfsr type thing. That is why I am using ram, I just wanted to produce some 'random' starting point for the lfsr. Anyhow, it seems to work pretty good.

It is pretty easy to test, and is interesting to see what the ram state is on power up. I had thought it would be more random than what it actually is, but you can also see which bits are the undecided ones.
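
Added example, not code from any poster in this thread: a host-side C sketch of the scheme described above (XOR through a chosen set of RAM bytes to seed an LFSR) together with a count of the "undecided" bits across several power-up captures. The fold layout, the 0xB400 LFSR, the fallback seed and the capture bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: four "power-up captures" of the same 8 RAM bytes.
   Only two bits ever differ (byte 2 bit 0, byte 5 bit 2). */
static const uint8_t SNAPS[4][8] = {
    {0x55, 0xAA, 0x00, 0xFF, 0x12, 0x34, 0x81, 0x7E},
    {0x55, 0xAA, 0x01, 0xFF, 0x12, 0x34, 0x81, 0x7E},
    {0x55, 0xAA, 0x00, 0xFF, 0x12, 0x30, 0x81, 0x7E},
    {0x55, 0xAA, 0x01, 0xFF, 0x12, 0x30, 0x81, 0x7E},
};

/* XOR-fold a RAM region into 16 bits: even offsets into the low byte,
   odd offsets into the high byte (assumed layout). */
uint16_t fold_seed(const uint8_t *ram, size_t len) {
    uint16_t seed = 0;
    for (size_t i = 0; i < len; i++)
        seed ^= (uint16_t)((uint16_t)ram[i] << ((i & 1) ? 8 : 0));
    return seed ? seed : 0xACE1u; /* state 0 would hold the LFSR at 0 forever */
}

/* One step of a 16-bit Galois LFSR (feedback mask 0xB400, maximal length). */
uint16_t lfsr_step(uint16_t s) {
    uint16_t lsb = s & 1u;
    s >>= 1;
    return lsb ? (uint16_t)(s ^ 0xB400u) : s;
}

/* Number of steps until the state returns to `start`. */
uint32_t lfsr_period(uint16_t start) {
    uint32_t n = 0;
    uint16_t s = start;
    do { s = lfsr_step(s); n++; } while (s != start);
    return n;
}

/* Count bit positions that differ from capture 0 in any later capture.
   Bits never seen to change add nothing to the seed in these captures. */
unsigned unstable_bits(const uint8_t *snaps, size_t n, size_t len) {
    unsigned count = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = 0;
        for (size_t k = 1; k < n; k++) diff |= snaps[k * len + i] ^ snaps[i];
        for (; diff; diff &= (uint8_t)(diff - 1)) count++;
    }
    return count;
}

int main(void) {
    printf("unstable bits: %u\n", unstable_bits(&SNAPS[0][0], 4, 8));
    for (int k = 0; k < 4; k++)
        printf("capture %d -> seed 0x%04X\n", k, fold_seed(SNAPS[k], 8));
    printf("LFSR period: %lu\n", (unsigned long)lfsr_period(0xACE1u));
    return 0;
}
```

With two changing bits the constructed captures give four distinct seeds at most, whatever the seed width, so the count of unstable bits over many real power-ups is the figure to look at when judging the seed.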
 

Offline iMo

  • Super Contributor
  • ***
  • Posts: 5749
  • Country: li
Always think as an attacker. I want to know more about your LFSR. So I will cool the chip down with LN2 for example, or heat it up to 150deg, where the ram bits will most probably change their randomness dramatically. And I will put a current probe into the Vcc to see what is going on, etc. etc.
The same with the temperature sensor. The "TRNG on the chip" topic is rather old, there are a lot of papers on it you may find on the web.
Readers discretion is advised..
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 16372
  • Country: fr
Yes. Obviously it all depends on what you're going to do with your RNG.
If it's for security algorithms - then you're completely right.

Now there are many other uses for good RNGs that are not that critical. Some pseudo-random algorithmic generators are very good as generators, and if you don't mind the sequences being always the same upon startup, as long as the sequence itself has a nice uniform distribution, you can even always use the same seed(s). Depends on what your use is.

In one project (not security related though!), I've used one of Knuth's random generators. I seeded it with a sequence of numbers from the standard C rand() function. The generator itself was WAY better than rand().
« Last Edit: October 24, 2019, 08:57:22 pm by SiliconWizard »
 

Online cv007

  • Frequent Contributor
  • **
  • Posts: 892
>I want to know more about your LFSR

I posted a link to what I am using. It's the kind of random when you want something better than checking a timer, but have no need to communicate with military satellites flying overhead. The sram part is so the random blinking led's don't look exactly the same every time it powers up. The other alternative is just close your eyes when it powers on, and after about 10 seconds you will no longer be able to recognize a pattern.

Since you now have the sequence to my little avr mcu, there will be no need for heat and cold. You just have to figure out what those ram bits will be so you can know where the sequence starts. Then you will be able to know what the blinking led's will do before they do it, and then... I don't know what, I guess you win a prize or something :)

LFSR's are neat little things.

Maybe there should be different categories of random. I think I'm talking Cat1 random. Cat5 random would be when you don't even know you're in Cat5.
 

Offline iMo

  • Super Contributor
  • ***
  • Posts: 5749
  • Country: li
Here is an interesting paper from Xilinx - a table with LFSR feedback taps - up to N=168. You may generate a pseudorandom sequence at xxMB/s data rate for XXXXXXXXX millennia :)
PS: at 50MHz clock 1.2E35 years..
« Last Edit: October 24, 2019, 10:25:49 pm by imo »
Readers discretion is advised..
 
