Via puts RNGs on new processors

Don Davis don at
Wed Apr 9 00:45:38 EDT 2003

Don Davis wrote:
>>    this isn't a salable answer for commercial
>>    deployments, though it's a good-enough answer
>>    for crypto hobbyists.

Ian griggs replied:
> there is no such thing as an acceptable off-
> the-shelf RNG.  Even if one were to "rate" such
> using NIST testing, etc, how does one know that
> the unit in hand is up to the ratings?

since your goal is to feed a mixing function like
yarrow, it's overkill for the hardware to produce
uniformly-distributed random integers.  if instead
the hardware produces a chaotic but structured
signal, then the signal's expected structure can
continually be checked as part of the validation,
before the chaotic signal is fed into the mixing

> For any serious (commercial?) application, ...
> no single source is trusted, and many are needed.
> ... What matters is that it [the Via chip]
> provides at least some "probably good" entropy,
> where good means valuable as an input to Yarrow.  

your argument is valid only if yarrow (or some
other mixing function) is getting bits from several
devices, so that a single device's failure doesn't
matter.  but, vendors avoid such redundancy (so as
to minimize cost), and tend to ship products with
single-source RNGs.

> ( About the only context where I can see a
> one-stop-shopping approach being relevant
> is in such things as USG purchasing, ...
> But, no commercial operation should feel the
> need to be constrained to that, and it would
> probably find it more efficacious to rely on
> an open source, Yarrow-inspired solution. )

but commercial customers do prefer one-stop-
shopping, wherever possible, and especially in
security.  they like turnkey solutions, which
isn't a common characteristic of open-source
systems (for good reasons).  i happen to
disagree with your claim that customers
_shouldn't_ want one-stop-shopping, but my opinion
doesn't matter as much as the customers' well-
known preference for simplicity in purchasing,
integration, and support.

				- don davis


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list