Via puts RNGs on new processors
Don Davis
don at mit.edu
Tue Apr 8 14:41:15 EDT 2003
At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
> FYI, it appears that Cryptography Research has
> done an evaluation on the RNG. See:
> http://www.cryptography.com/resources/whitepapers/index.html
a one-time evaluation of the RNG's design and of
its output isn't really enough. there are three
related issues, which arise because effective and
thorough TRNG testing is too expensive:
* production-line QA: with modern chip-fab
technology, salable chip yields aren't 100%.
each chip gets run through a validation test,
to make sure that its various functions work
correctly, and a lot of chips get scrapped
because of validation failures. unfortunately,
thorough validation of each chip's TRNG would
take too long (generate some bulk of random
bits, do a few hours or days of CPU-intensive
statistical computations...).
* surely, vendors are going to be unwilling to
discard a chip whose CPU and on-board memory
work, but whose TRNG doesn't work. the vendor
might bother to disable the TRNG circuits,
and then sell the faulty chips at a reduced
price for non-crypto applications. but i
expect that most vendors won't bother, and
will silently sell the TRNGs as-is.
* detection of run-time TRNG failures: how
will the CPU or operating system detect that
the TRNG has stopped working properly? surely,
neither the CPU nor the OS is going to
spontaneously sample and test the TRNG's output
for randomness failures, because proper RNG
testing is computationally expensive.
- don davis, boston
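On the last point, a driver does not need a full statistical suite to notice that a TRNG has died or gone badly skewed: constant-time continuous health tests catch gross failures on every sample. The following is an added example, not code from the post or from VIA's hardware; the two tests follow the repetition count and adaptive proportion tests of NIST SP 800-90B section 4.4, and the 6 bits/byte min-entropy claim and the three sample streams are constructed assumptions.

```python
"""Continuous TRNG health tests (RCT and APT, after NIST SP 800-90B section 4.4):
O(1) work per sample, so a driver can run them on every byte of output."""
import math, random

ALPHA = 2.0 ** -20   # per-test false-alarm probability used by SP 800-90B

def rct_cutoff(h_min, alpha=ALPHA):
    """Repetition count cutoff: a run of C identical samples has prob <= alpha."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)

def apt_cutoff(h_min, window=512, alpha=ALPHA):
    """Smallest count of one value in a window with binomial upper tail <= alpha."""
    p, n = 2.0 ** -h_min, window - 1         # p: max prob of any value; n after reference
    tail = 0.0
    for k in range(n, -1, -1):               # accumulate P[Bin(n, p) >= k] from the top
        tail += math.comb(n, k) * p ** k * (1 - p) ** (n - k)
        if tail > alpha:
            return k + 2                     # k+1 repeats of the reference, plus itself

class HealthMonitor:
    """feed() one sample at a time; returns None or a failure reason string."""
    def __init__(self, h_min, window=512):
        self.rct_c, self.apt_c, self.window = rct_cutoff(h_min), apt_cutoff(h_min, window), window
        self.last, self.run = None, 0                  # RCT: value and length of current run
        self.ref, self.count, self.seen = None, 0, 0   # APT: reference value, its count, position

    def feed(self, x):
        self.run, self.last = (self.run + 1 if x == self.last else 1), x
        if self.run >= self.rct_c:
            return f"RCT: {self.run} identical samples"
        if self.seen == 0:                   # window start: first value becomes the reference
            self.ref, self.count = x, 0
        self.seen = (self.seen + 1) % self.window
        self.count += (x == self.ref)
        if self.count >= self.apt_c:
            return f"APT: {self.ref:#04x} seen {self.count} times in one window"
        return None

def first_failure(stream, h_min=6.0, window=512):
    mon = HealthMonitor(h_min, window)     # returns (index, reason) of first alarm, else None
    for i, x in enumerate(stream):
        if (reason := mon.feed(x)) is not None:
            return i, reason
    return None

# Constructed sample streams, not real hardware output; 6 bits/byte min-entropy is assumed.
_rng = random.Random(2003)
HEALTHY = bytes(_rng.getrandbits(8) for _ in range(4096))
STUCK = bytes(64)                                                 # stuck-at-zero source
SKEWED = bytes(0x41 if i % 2 == 0 else _rng.getrandbits(8) | 0x80 for i in range(4096))
```

These tests only detect catastrophic failures (a stuck or heavily biased source); they are a complement to, not a substitute for, the one-time design evaluation and the bulk statistical testing the post describes.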