Via puts RNGs on new processors
Don Davis
don at mit.edu
Wed Apr 9 00:45:38 EDT 2003
Don Davis wrote:
>> this isn't a salable answer for commercial
>> deployments, though it's a good-enough answer
>> for crypto hobbyists.
Ian Griggs replied:
> there is no such thing as an acceptable off-
> the-shelf RNG. Even if one were to "rate" such
> using NIST testing, etc, how does one know that
> the unit in hand is up to the ratings?
since your goal is to feed a mixing function like
yarrow, it's overkill for the hardware to produce
uniformly-distributed random integers. if instead
the hardware produces a chaotic but structured
signal, then the signal's expected structure can
continually be checked as part of the validation,
before the chaotic signal is fed into the mixing
function.
> For any serious (commercial?) application, ...
> no single source is trusted, and many are needed.
> ... What matters is that it [the Via chip]
> provides at least some "probably good" entropy,
> where good means valuable as an input to Yarrow.
your argument is valid only if yarrow (or some
other mixing function) is getting bits from several
devices, so that a single device's failure doesn't
matter. but, vendors avoid such redundancy (so as
to minimize cost), and tend to ship products with
single-source RNGs.
> ( About the only context where I can see a
> one-stop-shopping approach being relevant
> is in such things as USG purchasing, ...
> But, no commercial operation should feel the
> need to be constrained to that, and it would
> probably find it more efficacious to rely on
> an open source, Yarrow-inspired solution. )
but commercial customers do prefer one-stop-
shopping, wherever possible, and especially in
security. they like turnkey solutions, which
isn't a common characteristic of open-source
systems (for good reasons). i happen to
disagree with your claim that customers
_shouldn't_ want one-stop-shopping, but my opinion
doesn't matter as much as the customers' well-
known preference for simplicity in purchasing,
integration, and support.
- don davis
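The design point in the exchange above (raw hardware noise goes through a structural health check, and a mixing function such as Yarrow should draw from more than one device so one stuck chip cannot silently poison the output) as an added, constructed example. This is not code from the thread, from Yarrow, or from any Via product; the health-check thresholds and the SHA-256 pool are illustrative assumptions, loosely in the spirit of SP 800-90B's repetition-count and adaptive-proportion tests rather than their exact parameters.

```python
import hashlib
import random
from typing import Callable, Dict, List, Tuple

# Illustrative thresholds (assumptions for this example, not a standard's values).
MAX_RUN = 8           # identical consecutive bytes tolerated before calling a source stuck
WINDOW = 512          # bytes examined by the proportion check
MAX_PROPORTION = 0.2  # one byte value above this share of the window means heavy bias


def source_healthy(raw: bytes) -> bool:
    """Continuous check on raw, unconditioned noise: reject stuck or badly biased input."""
    if len(raw) < WINDOW:
        return False
    run = 1
    for prev, cur in zip(raw, raw[1:]):
        run = run + 1 if cur == prev else 1
        if run > MAX_RUN:          # stuck-at or oscillator failure shows up as long runs
            return False
    window = raw[:WINDOW]
    most_common = max(window.count(v) for v in set(window))
    return most_common / WINDOW <= MAX_PROPORTION


def mix_sources(sources: Dict[str, Callable[[int], bytes]],
                nbytes: int = 1024) -> Tuple[bytes, List[str], List[str]]:
    """Read from every source, drop the ones that fail the health check, and hash
    the survivors into one pool value (SHA-256 stands in for Yarrow's mixing).
    Returns (pool, accepted_sources, rejected_sources)."""
    h = hashlib.sha256()
    accepted: List[str] = []
    rejected: List[str] = []
    for name, read in sources.items():
        raw = read(nbytes)
        (accepted if source_healthy(raw) else rejected).append(name)
        if name in accepted:
            h.update(name.encode() + b"\0" + raw)   # domain-separate each device's input
    if not accepted:
        raise RuntimeError("every noise source failed its health check")
    return h.digest(), accepted, rejected


# Constructed sources: a seeded PRNG standing in for a plausible noise diode,
# a stuck device (the single-source failure discussed above), and a biased one.
def good_source(n: int) -> bytes:
    return random.Random(2003).randbytes(n)

def stuck_source(n: int) -> bytes:
    return b"\x00" * n

def biased_source(n: int) -> bytes:
    rng = random.Random(7)
    return bytes(0 if rng.random() < 0.5 else rng.randrange(256) for _ in range(n))
```

Running `mix_sources({"diode": good_source, "stuck": stuck_source, "biased": biased_source})` keeps only the diode and reports the other two as rejected; with a single stuck source and no redundancy the pool raises instead of emitting output derived from nothing.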
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com