Via puts RNGs on new processors

John S. Denker jsd at
Fri Apr 11 08:24:03 EDT 2003

At 4:42 PM -0400 4/8/03, Ian Grigg wrote:
 >>>  * detection of run-time TRNG failures:...
 >> No guaruntee, then no problem.  This seems
 >> to be a userland problem, solved by some
 >> user program that tests the output, run on
 >> an application basis.

On 04/08/2003 05:28 PM, Don Davis wrote:
>    not a commercially salable solution.
>    good RNG tests run _slow_.  i once found a
>    correlation in an RNG's output that showed
>    up only in a set of 30M samples.

I disagree, for multiple reasons, including:
  -- The slow tests are not sufficient, not in
  principle nor in practice, to prove the goodness
  of a randomness generator.
  -- The tests for detecting plausible run-time
  failures are not slow.

For details, see
which says in part:

It would be a huge mistake to use statistical techniques to
``measure'' the entropy density of the raw signal coming
from the hardware. To paraphrase Dijkstra: Measurement
can prove the absence of entropy, but it cannot prove the
presence of entropy. More specifically, there are various
methods that will give an upper bound on the entropy
density, but what we need is a lower bound, which is
something else entirely.


On 04/09/2003 06:58 PM, Vikram Rangnekar wrote:
 > check out this hardware RNG threr is even an inexpensive circuit 

On 04/10/2003 11:31 AM, VaX#n8 wrote:
 > another HW RNG here:

Hmmmm.  What about this:  IMHO a much better RNG, utilizing
hardware that is even more inexpensive:

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list