Via puts RNGs on new processors

t.c.jones at t.c.jones at
Tue Apr 8 16:02:53 EDT 2003

FIPS certification requires a certain miminal tests of RNG functionality every 
time the process is started.  ..tom

> At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
> > FYI, it appears that Cryptography Research has
> > done an evaluation on the RNG. See:
> >
> a one-time evaluation of the RNG's design and of
> its output aren't really enough.  there are three
> related issues, which arise because effective and
> thorough TRNG testing are too expensive:
>   * production-line QA:  with modern chip-fab
>     technology, salable chip yields aren't 100%.
>     each chip gets run through a validation test,
>     to make sure that its various functions work
>     correctly, and a lot of chips get scrapped
>     because of validation failures.  unfortunately,
>     thorough validation of each chip's TRNG would
>     take too long (generate some bulk of random
>     bits, do a few hours or days of CPU-intensive
>     statistical computations...).
>   * surely, vendors are going to be unwilling to
>     discard a chip whose CPU and on-board memory
>     work, but whose TRNG doesn't work.  the ven-
>     dor might bother to disable the TRNG circuits,
>     and then sell the faulty chips at a reduced
>     price for non-crypto applications.  but i
>     expect that most vendors won't bother, but
>     will silently sell the TRNGs as-is.
>   * detection of run-time TRNG failures:  how
>     will the CPU or operating system detect that
>     the TRNG has stopped working properly?  surely,
>     neither the CPU nor the OS is going to spon-
>     taneously sample and test the TRNG's output
>     for randomness failures, because proper RNG
>     testing is computationally expensive.
> 				- don davis, boston
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list