Via puts RNGs on new processors

Ian Grigg iang at
Tue Apr 8 21:16:29 EDT 2003

Don Davis wrote:

>    this isn't a salable answer for commercial
>    deployments, though it's a good-enough answer
>    for crypto hobbyists.

I think we have a difference of world views.

My world view would be that there is no such
thing as an acceptable off-the-shelf RNG.  Even
if one were to "rate" such using NIST testing,
etc., how does one know that the unit in hand
is up to the ratings?

If one is relying on some commercially acceptable
rating, then one has also to ensure that the
entire distribution chain - how you got that
chip - is also safe.  If there are such things
as "good" Via chips alongside "bad" Via chips,
how do we know that a bad chip wasn't substituted
in at the last moment?

A lot of this can be solved by making no such
assumption;  this is what the Yarrow framework
espouses.  For any serious (commercial?)
application, it would imply that no single
source is trusted, and many are needed.

From this point of view, it doesn't matter
whether the Via chip is NIST or not, or whether
compression is good enough or not.  And it
certainly doesn't matter what the marketing
blurb says - the situation is quite unlike
that of the snake oil claims of some cipher
manufacturers.  Effectively, we have solved
the issue of marketing noise in PRNGs.

What matters is that it provides at least some
"probably good" entropy, where good means
valuable as an input to Yarrow.  And, in a
bigger picture sense, what is good is that
there are more of these devices available,
as many as possible.

( About the only context where I can see a
one-stop-shopping approach being relevant
is in such things as USG purchasing, where
all governmental departments are *instructed*
to purchase according to stated NSA guidelines.
In that case, the departments get given the
kit, so it's not their problem.

But, no commercial operation should feel the
need to be constrained to that, and it would
probably find it more efficacious to rely on
an open source, Yarrow-inspired solution. )
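The multi-source pooling the post attributes to Yarrow, as an added example (not Yarrow's reference code and not from the post): a simplified accumulator in which every source's samples are hashed into one shared pool and a reseed requires several sources to each cross an entropy threshold. The source names ("hwrng", "jitter", "via") and the sample bytes are constructed for illustration.

```python
import hashlib
class MultiSourcePool:
    """Simplified Yarrow-style accumulator (added example, not Yarrow's own code):
    every source is hashed into one pool, so no single source has to be trusted."""

    def __init__(self) -> None:
        self._pool = hashlib.sha256()
        self._bits = {}  # source name -> entropy bits claimed so far

    def add_sample(self, source: str, data: bytes, est_bits: int) -> None:
        # Name and length-prefix each contribution so different sources cannot
        # be re-split into the same pool input.
        self._pool.update(source.encode() + b"\x00" + len(data).to_bytes(4, "big") + data)
        self._bits[source] = self._bits.get(source, 0) + est_bits

    def can_reseed(self, threshold_bits: int, min_sources: int = 2) -> bool:
        # Yarrow's rule: several independent sources must each cross the
        # threshold, so one stuck or hostile source cannot force a reseed alone.
        ready = [s for s, b in self._bits.items() if b >= threshold_bits]
        return len(ready) >= min_sources

    def derive_seed(self) -> bytes:
        return hashlib.sha256(b"seed|" + self._pool.digest()).digest()

def seed_from(samples) -> bytes:
    # Feed (source, data, est_bits) triples into a fresh pool and return its seed.
    pool = MultiSourcePool()
    for source, data, bits in samples:
        pool.add_sample(source, data, bits)
    return pool.derive_seed()

# Constructed sample inputs (not real device output): two hardware RNG reads,
# some timer jitter, and a suspect chip whose output is stuck at zero.
HW_A, HW_B = bytes(range(32)), bytes(range(32, 64))
JITTER = b"\x07\x13\x2a\x01\xfe\x90"
STUCK = b"\x00" * 32

def stuck_chip_still_leaves_good_entropy() -> bool:
    # Same stuck chip, different good sources -> different seeds: the output
    # still tracks the trustworthy inputs rather than the suspect one.
    s1 = seed_from([("hwrng", HW_A, 128), ("jitter", JITTER, 8), ("via", STUCK, 0)])
    s2 = seed_from([("hwrng", HW_B, 128), ("jitter", JITTER, 8), ("via", STUCK, 0)])
    return s1 != s2

def single_source_cannot_force_reseed() -> bool:
    pool = MultiSourcePool()
    pool.add_sample("via", STUCK, 100000)  # wildly overclaimed entropy estimate
    alone = pool.can_reseed(threshold_bits=128)
    pool.add_sample("hwrng", HW_A, 128)    # a second, independent source
    return (not alone) and pool.can_reseed(threshold_bits=128)
```

Hashing every source into the pool means a stuck or substituted chip contributes nothing useful but also cannot cancel what the other sources supplied; the reseed rule keeps one source's self-reported entropy estimate from being the only thing a reseed depends on.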


The Cryptography Mailing List