chip-level randomness?
David Wagner
daw at mozart.cs.berkeley.edu
Thu Sep 20 16:49:43 EDT 2001
Bill Frantz wrote:
>At 2:17 PM -0700 9/19/01, Theodore Tso wrote:
>>It turns out that with the Intel 810 RNG, it's even worse because
>>there's no way to bypass the hardware "whitening" which the 810 chip
>>uses.
>
>Does anyone know what algorithm the "whitening" uses?
Just like von Neumann's unbiasing procedure, but with a few bits of
state instead of just one. See Paul Kocher's analysis for the details.
In short, the whitening is only enough to reduce any biases in the raw
generator, not to remove them.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography mailing list
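Added example, not part of the original post: Wagner compares the 810's whitener to von Neumann's unbiasing procedure. The Intel circuit itself is not reproduced here (Kocher's analysis is the source for that); this shows the plain von Neumann corrector he names and the caveat that matters for a hardware source. The corrector reads non-overlapping bit pairs, emits 0 for 01 and 1 for 10, and discards 00 and 11. On independent biased bits that is exactly unbiasing. On a source with memory (modelled here as a two-state Markov chain, an assumption for illustration) the output stays unbiased but inherits serial correlation, which is why a corrector of this kind reduces defects rather than removing them. The sources and seeds are constructed for the demo.

```python
import random


def von_neumann(bits):
    """von Neumann's unbiasing procedure on a list of 0/1 values.

    Non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 are discarded.
    A trailing odd bit is ignored.  Output length is about 2*p*(1-p)
    of the input length, so roughly a quarter of it at best.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def biased_iid_bits(n, p_one, seed=1):
    """Constructed source: independent bits, each 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def markov_bits(n, p_stay, seed=2):
    """Constructed source with memory: a two-state Markov chain that keeps
    its previous bit with probability p_stay.  Its stationary distribution
    is 50/50, so it is unbiased but strongly serially correlated."""
    rng = random.Random(seed)
    bit, out = 0, []
    for _ in range(n):
        if rng.random() >= p_stay:
            bit ^= 1
        out.append(bit)
    return out


def fraction_ones(bits):
    return sum(bits) / len(bits)


def lag1_correlation(bits):
    """Pearson correlation between each bit and its successor."""
    n = len(bits) - 1
    if n < 2:
        return 0.0
    x, y = bits[:-1], bits[1:]
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def experiment(n=200_000):
    """Run the corrector over both constructed sources and report statistics."""
    iid = biased_iid_bits(n, 0.7)
    mk = markov_bits(n, 0.9)
    iid_out, mk_out = von_neumann(iid), von_neumann(mk)
    return {
        # bias is removed for the independent source
        "iid_in_ones": fraction_ones(iid),
        "iid_out_ones": fraction_ones(iid_out),
        # the correlated source comes out unbiased but still correlated:
        # consecutive output bits tend to alternate (analytically, the
        # flip probability is 9/14 for p_stay = 0.9, correlation about -0.29)
        "markov_in_corr": lag1_correlation(mk),
        "markov_out_ones": fraction_ones(mk_out),
        "markov_out_corr": lag1_correlation(mk_out),
    }


if __name__ == "__main__":
    for k, v in experiment().items():
        print(f"{k:16s} {v:+.4f}")
```

The second half is the point for a hardware RNG: a von Neumann-style corrector assumes independent input pairs, and a thermal-noise source sampled faster than its bandwidth violates that. Testing only the ones/zeros balance of the whitened output would pass here while the lag-1 correlation does not, which is why one wants access to the raw bits rather than only the whitened ones.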