How Random is Random? Part 3: TRNG Attacks - When It's No Secret
May 13, 2015
Since 2004, I have seen the "Bayesian Estimation of Discrete Entropy" technique used to break MP3 players, mobile devices, tablets, and DRM devices from many large international corporations that I won't mention by name. Almost all device secrets originate from a trusted or true random number generator somewhere in the system. What is usually not a device secret is the algorithm that generated those device secrets. The algorithm is usually part of a standard specification and is also known to the attacker. If the algorithm is not known, that is to the attacker's disadvantage. Keep this in mind, as it will be useful in developing countermeasures that use custom derivation functions operating on the random number instead of feeding it directly to the PRNG (Pseudo Random Number Generator) as a seed.
If you can manipulate the input to all 0's or all 1's, you can capture the state of the device and generate the same device secret external to the device on a PC. Then it wouldn't be a device secret any more. These device secrets should be generated from some large random number. It seems that 128 bits of entropy can generate a pool of 2^128 combinations. You can calculate the correct answer by brute force, but that is not feasible for any attacker, as time is a factor working against the attacker. If it takes 85 years or even 20 years to calculate the answer, then usually that is good enough to protect most ecosystems for today's modern consumer electronic devices.
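One defensive check against the all-0's or all-1's condition described above is to gate secret derivation on a start-up health test. The sketch below is an added example, not code from this post: it applies the repetition count test from NIST SP 800-90B to a seed before deriving anything from it. The function names, the 1 bit-per-sample entropy claim, the 2^-20 false-positive rate, and the SHA-256 stand-in derivation are all assumptions.

```python
import hashlib

ALPHA_EXP = 20  # false-positive rate 2^-20 per test (assumed design choice)

def rct_cutoff(h_bits: int) -> int:
    """SP 800-90B repetition count cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + -(-ALPHA_EXP // h_bits)  # integer ceiling division

def to_bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def repetition_count_ok(samples, h_bits: int = 1) -> bool:
    """Return False if any value repeats cutoff or more times in a row."""
    cutoff = rct_cutoff(h_bits)
    run, last = 0, None
    for s in samples:
        run = run + 1 if s == last else 1
        last = s
        if run >= cutoff:
            return False
    return True

def derive_device_secret(seed: bytes) -> bytes:
    """Refuse to derive a secret from a seed that looks stuck."""
    if not repetition_count_ok(to_bits(seed)):
        raise ValueError("TRNG health test failed: output looks stuck")
    # Stand-in for the publicly specified derivation; not from the post.
    return hashlib.sha256(b"device-secret|" + seed).digest()

# Constructed sample seeds (not real device data).
STUCK_LOW = bytes(16)
STUCK_HIGH = b"\xff" * 16
HEALTHY = bytes.fromhex("3a7c91e4d25b08f6a1c34e9d7250b86f")

if __name__ == "__main__":
    for name, seed in [("stuck-0", STUCK_LOW), ("stuck-1", STUCK_HIGH),
                       ("healthy", HEALTHY)]:
        try:
            print(name, derive_device_secret(seed).hex()[:16])
        except ValueError as err:
            print(name, "rejected:", err)
```

Passing this test only rules out a grossly stuck source; it does not show that the seed actually carries 128 bits of entropy.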