Infinite Noise TRNG

by Electronics

Open hardware USB true random number generator

View all updates Feb 18, 2019

Security Update

A new important security update, release 0.3.1 is out! Please update if you’re been using the multiplier and version 0.3.0.

All the details

The issue

You’re only affected if you are:

  • using version 0.3.0 AND
  • using the multiplier AND
  • using a multiplier which is not a factor of four

Thanks to GitHub user wk3-org for the excellent and easily reproducable bug report.

The bug was introduced only in the last release 0.3.0, so if you are on 0.2.6, whether you’re using the multiplier or not, you’re fine.

However, the example configuration shows a multiplier of 10, so it was pretty easy to walk into the trap when you tried the multiplier. Also the CI tests which actually run dieharder tests with multipliers of 10/100/1000 and 10.000 did not catch this.

This seems like a good point to mention that you should not use the multiplier unless you really need it and know what you’re doing.

The fix

Basically, I forgot to adjust a buffer size after the libinfnoise refactoring. This led to repeating patterns on those multipliers (x%4!=0) as more data was read from the buffer than written to in that round (and the last bytes of previous loop-cycle were read twice).

Maybe it would make sense to simply not allow multipliers that result in uneven result sizes (limiting to multipliers dividable by four). Please leave your thoughts in the GitHub issue mentioned above.

So after some debugging, the actual fix was really simple, see this commit

$40,248 raised

of $200 goal

20,124% Funded! Order Below

Product Choices


Infinite Noise TRNG

Get one Infinite Noise TRNG with the transparent enclosure.

Credits Electronics

Our mission is to make open source hardware available for the German and European market and beyond.

Manuel Domke

See Also

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects: