Great board, great software, scary Atmel part!
For Hashlet
I have my Hashlet working on my Raspberry Pi, just as advertised. I had to google how to enable the I2C port on a Raspberry Pi, because it is disabled by default, but that took me only a few minutes. Compilation worked just as they said, and following the README.md instructions worked great. Kudos on the excellent open-software and open-hardware!
However, from my testing of the ATSHA204A crypto chip on the Hashlet, I believe it is likely to be back-doored! When you set update_seed in src/cli/cli_commands.c to false, then the 32-byte "random" value returned by "hashlet random" is always one of the same 100 to 200 values! This implies that at most 8 bits of true entropy are mixed into the saved seed each time random is called. The most obvious purpose of doing it this way, IMO, is so that anyone who knows the original seed programmed into the part can easily guess the next "random" values it will generate, enabling an attacker to guess all the private keys generated by this device.
This is an awesome project, and software. However, for security, I strongly recommend looking elsewhere.
Response from Cryptotronix, LLC | Dec. 5, 2014
Bill,
Thanks for the review. I'll confirm this behavior and I'll grumble a bit as I wish you'd rather contact me directly. I don't know how the SHA204 does its seed generation, but it does appear that when the device is woken up and random is pulled immediately (as the driver does), this case occurs. I think it's a bit harsh to call it a backdoor though.
Now, if the seed is updated each time, which is an option to the random command, I have not seen collisions in the numbers generated. It also may be the case that if the device is idled vs put to sleep, there may be improvements. I haven't yet implemented this change. I also haven't tried this on Atmel's ECC108. If you get the chance, please let me know :)
However, even if I change the software to mitigate this, there obviously is a mechanism to obtain a "lower security" state.
If it's random numbers you want, I'll be quick to recommend your own "infinite random number generator" or Paul Campbell's superior OneRNG :p
The ability to store MAC keys and perform MACs is still an interesting capability of this device IMHO, and one can always load their own random keys into the memory regions.
Josh