[Cryptography] [cryptography] Random number generation influenced, HW RNG

Ray Dillinger bear at sonic.net
Sun Sep 8 13:38:17 EDT 2013


On 09/08/2013 04:27 AM, Eugen Leitl wrote:

> On 2013-09-08 3:48 AM, David Johnston wrote:
>> Claiming the NSA colluded with intel to backdoor RdRand is also to
>> accuse me personally of having colluded with the NSA in producing a
>> subverted design. I did not.

> Well, since you personally did this, would you care to explain the
> very strange design decision to whiten the numbers on chip, and not
> provide direct access to the raw unwhitened output.

Y'know what?  Nobody has to accuse anyone of anything.  The result,
no matter how it came about, is that we have a chip whose output
cannot be checked.  That isn't as good as a chip whose output can
be checked.

A well-described physical process does in fact usually have some
off-white characteristics (bias, normal distribution, etc). Being
able to see those characteristics means being able to verify that
the process is as described.  Being able to see also the whitened
output means being able to verify that the whitening is working
correctly.

OTOH, it's going to be more expensive due to the additional pins of
output required, or not as good because whitening will have to be
provided in separate hardware.

Ray
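As an added illustration of the checks described above (this is not code from the thread or from any chip vendor), the following Python models a raw source with a known bias, verifies that bias from the raw bits, confirms that whitening removes it, and shows why a whitened-only stream cannot reveal a failed source. The simulated source, its bias values and the bit counts are constructed assumptions.

```python
import hashlib
import math
import random


def simulated_raw_bits(n, p_one, seed=1):
    """Constructed stand-in for a raw, unwhitened hardware source:
    independent bits with P(bit == 1) == p_one. A healthy source has a
    known, modest bias; a failed one is nearly constant."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def monobit_z(bits):
    """Monobit statistic: z-score of the ones count against the ideal n/2."""
    n = len(bits)
    return (2 * sum(bits) - n) / math.sqrt(n)


def von_neumann_whiten(bits):
    """Von Neumann debiasing: keep the first bit of each unequal pair,
    discard equal pairs. Output is unbiased if input bits are independent."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def hash_whiten(bits, block=512):
    """Hash-based conditioning: SHA-256 over each 512-bit block. The output
    looks uniform regardless of how degraded the input is."""
    out = []
    for i in range(0, len(bits) - block + 1, block):
        chunk = int("".join(map(str, bits[i:i + block])), 2)
        digest = hashlib.sha256(chunk.to_bytes(block // 8, "big")).digest()
        out.extend((byte >> k) & 1 for byte in digest for k in range(8))
    return out


def check_source(raw_bits, expected_p_one, tol=0.02, z_max=4.0):
    """What an auditor can do only with access to the raw output: confirm the
    physical model (bias close to expected_p_one) and confirm that whitening
    actually removes that bias."""
    observed = sum(raw_bits) / len(raw_bits)
    white = von_neumann_whiten(raw_bits)
    return {
        "raw_matches_model": abs(observed - expected_p_one) <= tol,
        "raw_looks_white": abs(monobit_z(raw_bits)) < z_max,
        "whitened_looks_white": abs(monobit_z(white)) < z_max,
    }
```

Run on the healthy source, the raw stream shows the expected 0.6 bias and the whitened stream passes monobit; run on the failed source, the raw stream fails the model check immediately while the hash-whitened stream alone still passes monobit, which is the verification gap a whitened-only interface leaves open.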

