Via puts RNGs on new processors
t.c.jones at att.net
Tue Apr 8 16:02:53 EDT 2003
FIPS certification requires certain minimal tests of RNG functionality every
time the process is started. ..tom
> At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
> > FYI, it appears that Cryptography Research has
> > done an evaluation on the RNG. See:
> > http://www.cryptography.com/resources/whitepapers/index.html
>
> a one-time evaluation of the RNG's design and of
> its output aren't really enough. there are three
> related issues, which arise because effective and
> thorough TRNG testing are too expensive:
>
> * production-line QA: with modern chip-fab
> technology, salable chip yields aren't 100%.
> each chip gets run through a validation test,
> to make sure that its various functions work
> correctly, and a lot of chips get scrapped
> because of validation failures. unfortunately,
> thorough validation of each chip's TRNG would
> take too long (generate some bulk of random
> bits, do a few hours or days of CPU-intensive
> statistical computations...).
>
> * surely, vendors are going to be unwilling to
> discard a chip whose CPU and on-board memory
> work, but whose TRNG doesn't work. the vendor
> might bother to disable the TRNG circuits,
> and then sell the faulty chips at a reduced
> price for non-crypto applications. but i
> expect that most vendors won't bother, but
> will silently sell the TRNGs as-is.
>
> * detection of run-time TRNG failures: how
> will the CPU or operating system detect that
> the TRNG has stopped working properly? surely,
> neither the CPU nor the OS is going to spontaneously
> sample and test the TRNG's output
> for randomness failures, because proper RNG
> testing is computationally expensive.
>
> - don davis, boston
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
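The "minimal tests at start" Tom refers to, and the run-time detection Don asks about, are both concrete in FIPS 140-2: the power-up statistical tests of section 4.9.1 (monobit, poker, runs and long-run, on a 20,000-bit sample; FIPS 140-1 and the original 140-2 specified them, a later change notice dropped them from 140-2) and the continuous RNG test of section 4.9.2, which compares each new output block with the one before it. The following is an added example, not code from the thread or from VIA or Cryptography Research; the sample data is constructed from a seeded PRNG as a stand-in for TRNG output, and the test thresholds are the ones FIPS 140-2 stated.

```python
"""FIPS 140-2 style RNG self-tests: power-up statistical tests on a
20,000-bit sample and the continuous (repeat-block) test.
Added example, not code from the original thread."""
import random

SAMPLE_BITS = 20_000            # FIPS 140-2 4.9.1 sample size
SAMPLE_BYTES = SAMPLE_BITS // 8


def bits_of(data: bytes) -> list:
    """Unpack bytes into a list of 0/1 ints, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def monobit(bits):
    """Count of ones must satisfy 9725 < X < 10275."""
    ones = sum(bits)
    return ones, 9725 < ones < 10275


def poker(bits):
    """Chi-square-like statistic over the 5000 4-bit nibbles: 2.16 < X < 46.17."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        counts[nibble] += 1
    x = 16 * sum(c * c for c in counts) / 5000 - 5000
    return x, 2.16 < x < 46.17


RUN_BOUNDS = [(2315, 2685), (1114, 1386), (527, 723),
              (240, 384), (103, 209), (103, 209)]   # run lengths 1..5, 6+


def runs(bits):
    """Count maximal runs of 0s and 1s by length (6 and longer pooled);
    each of the 12 counts must fall in its FIPS 140-2 interval.  Also
    returns the longest run, for the long-run test (must be < 26)."""
    table = {0: [0] * 6, 1: [0] * 6}
    longest = 0
    i = 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        length = j - i
        longest = max(longest, length)
        table[bits[i]][min(length, 6) - 1] += 1
        i = j
    ok = all(lo <= table[b][k] <= hi
             for b in (0, 1) for k, (lo, hi) in enumerate(RUN_BOUNDS))
    return table, ok, longest


def power_up_tests(sample: bytes) -> dict:
    """Run all four power-up tests; returns {name: (statistic, passed)}."""
    if len(sample) != SAMPLE_BYTES:
        raise ValueError("power-up tests need exactly 20,000 bits")
    bits = bits_of(sample)
    m_stat, m_ok = monobit(bits)
    p_stat, p_ok = poker(bits)
    r_table, r_ok, longest = runs(bits)
    return {"monobit": (m_stat, m_ok), "poker": (p_stat, p_ok),
            "runs": (r_table, r_ok), "long_run": (longest, longest < 26)}


def power_up_passed(sample: bytes) -> bool:
    return all(ok for _, ok in power_up_tests(sample).values())


class ContinuousRngTest:
    """FIPS 140-2 4.9.2: the first block is only retained; every later block
    is usable only if it differs from its predecessor.  A generator that
    has stuck at a constant value is caught with one comparison per block."""

    def __init__(self, block_bytes: int = 8):
        self.block_bytes = block_bytes
        self.previous = None

    def accept(self, block: bytes) -> bool:
        if len(block) != self.block_bytes:
            raise ValueError("block size mismatch")
        usable = self.previous is not None and block != self.previous
        self.previous = block
        return usable


def constructed_sample(seed: int = 1) -> bytes:
    """Stand-in for TRNG output: a seeded PRNG (constructed test data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(SAMPLE_BYTES))


if __name__ == "__main__":
    for name, sample in [("prng", constructed_sample()),
                         ("stuck-at-0", bytes(SAMPLE_BYTES)),
                         ("0101...", b"\x55" * SAMPLE_BYTES)]:
        res = power_up_tests(sample)
        print(name, "PASS" if power_up_passed(sample) else "FAIL",
              {k: v[1] for k, v in res.items()})
```

These four tests are a single pass over 2,500 bytes and finish in a fraction of a second even in Python; the expense Don describes belongs to the thorough suites (Diehard, NIST SP 800-22) rather than to the start-up checks. Note what they do and do not catch: a stuck or alternating output fails immediately, but an output that is biased in subtler ways, or one that is predictable while statistically flat, passes, which is why the tests are a sanity check on the hardware and not a substitute for the design evaluation.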