Abstract:
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for generating random data at an early stage in a boot process. A system practicing the method performs, by a processor based on a first clock, a group of reads of a counter running on a second clock to yield entropy words. In order to produce words with entropy, the system introduces a progressively increasing delay between each of the group of reads of the counter. The system generates entropy words by filling the buffer with successive reads of the least significant bit of the counter and then generates random data by applying a hash algorithm to the entropy words stored in the buffer.
Abstract:
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for generating a device dependent cryptographic key in a rate-limited way. A system configured to practice the method first receives data associated with a user. The data associated with the user can be a password, a personal identification number (PIN), or a hash of the password. Then the system performs a first encryption operation on the user data based on a device-specific value to yield first intermediate data and performs a second encryption operation on the first intermediate data based on the device-specific value to yield second intermediate data. Then the system iteratively repeats the second encryption operation until a threshold is met, wherein each second encryption operation is performed on the second intermediate data from a previous second encryption operation. The iterations produce a final cryptographic key which the system can then output or use for a cryptographic operation.
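The rate-limited derivation in this abstract, sketched as an added Python example that is not taken from the patent. HMAC-SHA256 stands in for the "encryption operation", the threshold is treated as a round count, and the names `device_op`, `derive_key`, `calibrate`, `exhaustive_search_seconds`, the round labels and the sample device values are all assumptions.

```python
import hashlib
import hmac
import time

# Constructed sample device-specific values (real hardware keeps these unreadable).
DEVICE_A = bytes(range(32))
DEVICE_B = bytes(range(1, 33))

def device_op(device_value: bytes, label: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 keyed by the device value replaces the
    # abstract's encryption operation; the label separates first/second ops.
    return hmac.new(device_value, label + data, hashlib.sha256).digest()

def derive_key(user_data: bytes, device_value: bytes, threshold: int) -> bytes:
    """Chain `threshold` second operations after one first operation."""
    if threshold < 1:
        raise ValueError("threshold must be at least 1")
    state = device_op(device_value, b"first", user_data)  # first intermediate data
    for _ in range(threshold):
        # Each round consumes the previous round's output, so the rounds are
        # strictly sequential and every one needs the device-specific value.
        state = device_op(device_value, b"second", state)
    return state

def calibrate(device_value: bytes, target_seconds: float, probe: int = 2000) -> int:
    """Pick a round count so one derivation takes about target_seconds here."""
    start = time.perf_counter()
    derive_key(b"probe", device_value, probe)
    per_op = (time.perf_counter() - start) / probe
    if per_op <= 0:  # timer too coarse to measure; fall back to the probe size
        return probe
    return max(1, int(target_seconds / per_op))

def exhaustive_search_seconds(candidates: int, seconds_per_derivation: float) -> float:
    """Worst-case time to try every candidate when each try must run on-device."""
    return candidates * seconds_per_derivation

if __name__ == "__main__":
    rounds = calibrate(DEVICE_A, 0.05)
    key_a = derive_key(b"1234", DEVICE_A, rounds)
    key_b = derive_key(b"1234", DEVICE_B, rounds)
    print("rounds for ~50 ms:", rounds)
    print("same PIN, device A:", key_a.hex())
    print("same PIN, device B:", key_b.hex())
    print("4-digit PIN sweep at 50 ms each:",
          exhaustive_search_seconds(10**4, 0.05), "s")
```

Because every round depends on the device-specific value, the per-guess cost is set by the device rather than by whatever hardware holds a copy of the stored data.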