Toshiba shows 2Mbps hardware RNG

[Hal Finney]

When the Intel RNG came out several years ago, built into
the bus controller chipset, it was not widely accepted by the
cryptographic community due to fears of back doors or internal
weaknesses. A generally positive analysis by Cryptographic Research
(http://www.cryptography.com/intelRNG.pdf) failed to assuage these
concerns.

Looking at the block diagram for the new Toshiba circuit, and comparing
with the Intel design, one concern I have is with attacks on the device
via external electromagnetic fields which could modulate current flows
and potentially influence internal random numbers. Intel attempted
to mitigate this attack by using a pair of resistors spaced close
together, and taking differentials between them. I don't see any such
countermeasures in the (admittedly crude) block diagram in the Toshiba
press release.

It's important for cryptographic purposes that the RNG not only produce
good quality random numbers, but that they cannot be influenced by
external processes. One major use case for these devices is inside smart
cards and such where it may be important that no one on the outside
can know what random numbers are being produced. Including the user
of the device within the threat model raises the bar for security of a
hardware RNG.

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com