[Cryptography] Radioactive random numbers

Perry E. Metzger perry at piermont.com
Tue Sep 17 11:35:34 EDT 2013

Added cme at panix.com -- if you want to re-submit this (and maybe not
top post it) I will approve it...


On Tue, 17 Sep 2013 11:08:43 -0400 Carl Ellison <cme at panix.com> wrote:
> If you can examine your setup and determine all possible memory in
> the device, count that memory in bit-equivalents, and discover that
> the number of bits is small (e.g., <8), then you can apply Maurer's
> test:
> ftp://ftp.inf.ethz.ch/pub/crypto/publications/Maurer92a.pdf
> Of course, if you're concerned that someone has slipped you a CPU
> chip with a PRNG replacing the RNG, you can't detect that without
> ripping the chip apart.
> On 9/12/13 11:00 AM, "Perry E. Metzger" <perry at piermont.com> wrote:
> >On Wed, 11 Sep 2013 17:06:00 -0700 Tony Arcieri <bascule at gmail.com>
> >wrote:
> >> It seems like Intel's approach of using thermal noise is fairly
> >> sound. Is there any reason why it isn't more widely adopted?
> >
> >Actually, I think things like this mostly have been missing
> >because manufacturers didn't understand they were important. Even
> >the Raspberry Pi now has an SoC with a hardware RNG.
> >
> >In addition to getting CPU makers to always include such things,
> >however, a second vital problem is how to gain trust that such RNGs
> >are good -- both that a particular unit isn't subject to a hardware
> >defect and that the design wasn't sabotaged. That's harder to do.
> >
> >Perry
> >-- 
> >Perry E. Metzger		perry at piermont.com
> >_______________________________________________
> >The cryptography mailing list
> >cryptography at metzdowd.com
> >http://www.metzdowd.com/mailman/listinfo/cryptography

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list