[Cryptography] Radioactive random numbers

Thor Lancelot Simon tls at rek.tjls.com
Thu Sep 12 22:48:27 EDT 2013


On Thu, Sep 12, 2013 at 11:00:47AM -0400, Perry E. Metzger wrote:
> 
> In addition to getting CPU makers to always include such things,
> however, a second vital problem is how to gain trust that such RNGs
> are good -- both that a particular unit isn't subject to a hardware
> defect and that the design wasn't sabotaged. That's harder to do.

Or that a design that wasn't sabotaged intentionally wasn't sabotaged
accidentally while dropping it into place in a slightly different
product.  I've always thought highly of the design of the Hifn RNG
block, and the outside analysis of it which they published, but years
ago at Reefedge we found a bug in its integration into a popular Hifn
crypto processor that evidently had slipped through the cracks -- I
discussed it in more detail last year at
http://permalink.gmane.org/gmane.comp.security.cryptography.randombit/3020 .

Thor
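The quoted message asks how one gains trust that a given hardware RNG unit is not defective, and the reply recalls an integration bug that slipped past the block's own design review. One defender-side check that catches exactly that class of problem (a stuck or heavily biased output, regardless of how good the noise source is on paper) is a continuous health test on the raw samples. The example below is added here and is not the poster's code nor anything from Hifn: it implements the two SP 800-90B style tests, the Repetition Count Test and the Adaptive Proportion Test, and runs them over constructed byte streams. The claimed min-entropy of 6 bits per byte, the false-alarm exponent, the window size and all sample data are assumptions chosen for illustration.

```python
"""Continuous health tests for a raw noise source, modelled on the Repetition
Count Test (RCT) and Adaptive Proportion Test (APT) of NIST SP 800-90B.
Added example: not the original post's code and not any vendor's design.
Claimed entropy, thresholds and sample streams are constructed assumptions."""
import hashlib
import math


def rct_cutoff(h_min_bits: float, alpha_exp: int = 20) -> int:
    """RCT cutoff C = 1 + ceil(-log2(alpha) / H) with alpha = 2^-alpha_exp.
    A run of C identical consecutive samples is a failure."""
    return 1 + math.ceil(alpha_exp / h_min_bits)


def apt_cutoff(h_min_bits: float, window: int = 1024, alpha_exp: int = 20) -> int:
    """APT cutoff: 1 + smallest k with P(Binomial(window, 2^-H) <= k) >= 1 - alpha.
    Computed in log space so large windows do not underflow."""
    p = 2.0 ** -h_min_bits
    alpha = 2.0 ** -alpha_exp
    log_p, log_q = math.log(p), math.log1p(-p)
    cdf = 0.0
    for k in range(window + 1):
        log_pmf = (math.lgamma(window + 1) - math.lgamma(k + 1)
                   - math.lgamma(window - k + 1) + k * log_p + (window - k) * log_q)
        cdf += math.exp(log_pmf)
        if 1.0 - cdf <= alpha:
            return k + 1
    return window + 1


class HealthTester:
    """Streams samples through both tests; records the first crossing of each
    threshold (per run for RCT, per window for APT)."""

    def __init__(self, h_min_bits: float, window: int = 1024, alpha_exp: int = 20):
        self.rct_c = rct_cutoff(h_min_bits, alpha_exp)
        self.apt_c = apt_cutoff(h_min_bits, window, alpha_exp)
        self.window = window
        self._last, self._run = None, 0            # RCT state
        self._ref, self._count, self._seen = None, 0, 0  # APT state
        self.failures = []                          # (test_name, sample_index)

    def feed(self, samples: bytes) -> None:
        for i, s in enumerate(samples):
            # RCT: count the current run of identical samples.
            if s == self._last:
                self._run += 1
                if self._run == self.rct_c:
                    self.failures.append(("RCT", i))
            else:
                self._last, self._run = s, 1
            # APT: count how often the window's first sample recurs in the window.
            if self._seen == 0:
                self._ref, self._count = s, 1
            elif s == self._ref:
                self._count += 1
                if self._count == self.apt_c:
                    self.failures.append(("APT", i))
            self._seen += 1
            if self._seen == self.window:
                self._seen = 0


def check_source(samples: bytes, h_min_bits: float) -> dict:
    """Return the number of RCT and APT failures seen over the samples."""
    t = HealthTester(h_min_bits)
    t.feed(samples)
    return {"rct": sum(1 for n, _ in t.failures if n == "RCT"),
            "apt": sum(1 for n, _ in t.failures if n == "APT")}


# Constructed sample streams (deterministic so results are reproducible).
def constructed_stream(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Stand-in for a healthy source: SHA-256 in counter mode over a fixed seed."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def constructed_stuck(n: int) -> bytes:
    """Stand-in for a unit whose output got latched at one value."""
    return bytes([0x5A]) * n


def constructed_biased(n: int) -> bytes:
    """Stand-in for an integration bug that forces every 4th byte to zero."""
    base = bytearray(constructed_stream(n))
    for i in range(0, n, 4):
        base[i] = 0x00
    return bytes(base)


if __name__ == "__main__":
    for name, data in [("healthy", constructed_stream(4096)),
                       ("stuck", constructed_stuck(2048)),
                       ("biased", constructed_biased(4096))]:
        print(name, check_source(data, h_min_bits=6.0))
```

The healthy stream passes both tests, the latched output trips the RCT within a handful of samples and the APT once per window, and the every-fourth-byte bias passes the RCT (runs stay short) but fails the APT, which is the point of running both: neither test alone covers the other's failure mode, and neither depends on knowing anything about the noise source's internals.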
