About this project
After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security.
What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware.
We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator, it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP.
Openness is important, we're open sourcing our hardware design and our firmware, our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell. In order to make sure that our boards cannot be compromised during shipping we make sure that the internal firmware load is signed and cannot be spoofed.
The board cannot be reprogrammed over USB by errant software in your host computer. However we also believe that you don't truly own your hardware if you can't open it and tinker with it, more importantly you can't verify that what we promise is what you actually get if you can't do the same - so we offer the same programmer that we use to program it with, plus a cable as an added premium - we hope you'll hack away and make something even greater with what we've created.
Our boards are real, they have been in beta test for more than six months now, we have drivers for Linux, with Debian and Redhat installers, we've verified that the board works with Windows and Macs and we'll be introducing drivers for them as soon as possible.
Why should you buy one? - well openness is important, but if you're running servers that generate lots of SSL connections you need lots of entropy - your servers can slow down if you just depend on the entropy the kernel collects from its normal operations. OneRNG generates roughly 320kbits of entropy per second, if you need more than that you can connect multiple OneRNG devices to the same machine
If you are hosting virtual servers, your server will consume more entropy than usual. You can choose to use OneRNG to improve the host's random number pool (which is good for some systems), or you can use USB passthrough to connect OneRNG hardware directly to the individual guest OSs.
Sources of Randomness
We have two random sources - the first is an avalanche diode that generates 'quantum noise'. We sample this data in the analog domain which generates ~7 bits of entropy per byte. The second is an RF receiver that operates in and around the 2.4GHz wifi band - it runs a detuned receiver that frequency hops at random times to random channels and returns the least significant bit from the (failed) demodulator -this returns significantly closer to 8 bits per byte of entropy data.
You can easily request from one or both of the noise sources (some purists want just the raw bits) or you can use the built in "whitener" to smear the data together making it harder to predict and better suited for feeding into your kernel's random number generator.
The board is designed to be physically inspected - there's no traditional cover, instead we have a metal RF shield with a removable lid. The metal can is there to stop in internal noise from escaping, but equally to make sure that the internal circuits cannot be interfered with by outside influences. The lid is so you can look inside and make sure the board contains the components you expect. You can also inspect the traces on the top and bottom of the printed circuit board to see if they match our published layout.
We're offering 3 levels of rewards. We plan on doing a small early production run of 400 on our own pick and place machine - these boards will be available as soon as possible after our Kickstarter closes, we're charging a premium for them because small runs cost more, we're also offering 50 of those along with a programmer for those who want to program their own devices.
The basic reward is a OneRNG produced using more mass market production - probably in China - this will take longer but will cost less. There is also a bulk purchase option for those who want to
We're gearing up to manufacture - boards are being built in panels of 24 at a time:
We're going to build the first run of 400 boards on our own manufacturing gear - we have a small pick and place machine along with gear for using solder stencils and two reflow ovens - we've already build a small run for our beta testers to test this work flow.
For volume manufacturing we plan on manufacturing in Shenzhen, China, we made one trip there in may to sound things out and will be dropping in again in late December.
We need to be able to be able to program and test many boards at once, the firmware we're loading into the boards takes a lot of time, this is largely because of the mechanism we're using to sign images and to make them verifiable, so we're building a programming and test fixture for use at our contract manufacturer that can program and test all 24 boards in a panel at once. We need to have this working before we pass off the boards to a Chinese manufacturer.
We'll be using 3 programmer boards driving 4 6-unit bed-of-nails boards in a completed fixture and plan on testing this setup on the boards we build in house before we send it out for volume manufacturing.
Risks and challenges
We have working boards, currently being used by beta users, drivers exist for all major linux distros. The board works under Windows, and on Macs we're looking into providing system level support (kernel drivers are already in place) meanwhile the data is available to you with some simple programming.
We have a small pick and place machine and reflow oven, we already have solder stencils and printed circuit boards to build 400 units.
If we get a low volume we'll build all the boards using the same mechanism, if we get somewhere more than 500 orders at the lower price we'll build in China - either way will take longer.
We have received circuit boards to build a manufacturing test unit (programs and tests 24 boards at once) - we need to complete the programming for this before we can start manufacture - currently the software for this has been coded and debug is under way.
We've spent time in Shenzhen learning how to business there, but this is our first time doing this, we know how to move forward but don't plan to contact potential contract manufacturers until we know we're going to need them.Learn about accountability on Kickstarter
Support this project
- (45 days)