Via puts RNGs on new processors

Don Davis don at
Tue Apr 8 17:28:20 EDT 2003

At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
>>> FYI, it appears that Cryptography Research has
>>> done an evaluation on the RNG. See:

> Don Davis wrote:
>> a one-time evaluation of the RNG's design
>> and of its output aren't really enough. 
>> there are three related issues, 
>>   * production-line QA:

   At 4:42 PM -0400 4/8/03, Ian Grigg wrote:
   > This could be solved by selling the chip
   > "as is".  With no guaruntee of performance,
   > leaving each user to make their own tests.

   this isn't a salable answer for commercial
   deployments, though it's a good-enough answer
   for crypto hobbyists.

>>   * detection of run-time TRNG failures:...

   > No guaruntee, then no problem.  This seems
   > to be a userland problem, solved by some
   > user program that tests the output, run on
   > an application basis.

   again, not a commercially salable solution.
   good RNG tests run _slow_.  i once found a
   correlation in an RNG's output that showed
   up only in a set of 30M samples.

>>   * surely, vendors are going to be unwilling
>>     to discard a chip whose CPU and on-board
>>     memory work, but whose TRNG doesn't work.

   > run the TRNG for a couple of seconds,
   > compress the result, and use the result
   > to decide whether the chip goes into the
   > "good" bucket or the "no-TRNG" bucket.

   i'm sorry, but compressibility is not a
   sensitive randomness test at all, much
   less is it a thorough randomness test.

> The main thing about use of random number
> sources is to never trust a single source;
> ... From that point of view, an on-chip RNG
> would be a really useful input into Yarrow.

agreed.  but this undermines the on-chip TRNG's
"one stop shopping" claim to fame.

				- don davis


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list