[Cryptography] Radioactive random numbers
Perry E. Metzger
perry at piermont.com
Tue Sep 17 11:35:34 EDT 2013
Added cme at panix.com -- if you want to re-submit this (and maybe not
top post it) I will approve it...
On Tue, 17 Sep 2013 11:08:43 -0400 Carl Ellison <cme at panix.com> wrote:
> If you can examine your setup and determine all possible memory in
> the device, count that memory in bit-equivalents, and discover that
> the number of bits is small (e.g., <8), then you can apply Maurer's
> Of course, if you're concerned that someone has slipped you a CPU
> chip with a PRNG replacing the RNG, you can't detect that without
> ripping the chip apart.
> On 9/12/13 11:00 AM, "Perry E. Metzger" <perry at piermont.com> wrote:
> >On Wed, 11 Sep 2013 17:06:00 -0700 Tony Arcieri <bascule at gmail.com>
> >> It seems like Intel's approach of using thermal noise is fairly
> >> sound. Is there any reason why it isn't more widely adopted?
> >Actually, I think things like this mostly have been missing
> >because manufacturers didn't understand they were important. Even
> >the Raspberry Pi now has an SoC with a hardware RNG.
> >In addition to getting CPU makers to always include such things,
> >however, a second vital problem is how to gain trust that such RNGs
> >are good -- both that a particular unit isn't subject to a hardware
> >defect and that the design wasn't sabotaged. That's harder to do.
> >Perry E. Metzger perry at piermont.com
> >The cryptography mailing list
> >cryptography at metzdowd.com
Perry E. Metzger perry at piermont.com
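As an added example (not part of the thread and not code from any of the participants), here is how a defender can address the first half of the trust problem raised above, that a particular unit has a hardware defect: continuous health tests on the raw output, modelled on the repetition count and adaptive proportion tests of NIST SP 800-90B. The claimed min-entropy of 7 bits per byte, the 512-sample window and the three sample sources are constructed assumptions. A unit whose noise source freezes is caught; a deterministic LCG standing in for a "PRNG replacing the RNG" passes both tests, which illustrates Carl's point that the substitution is invisible to statistical checks.

```python
# Added example (not from the thread): continuous health tests for raw hardware
# RNG output, modelled on the repetition count and adaptive proportion tests of
# NIST SP 800-90B. They catch a unit whose noise source has physically failed;
# they cannot distinguish a well-designed deterministic PRNG from a true RNG.
import math
import random

ALPHA = 2.0 ** -20      # per-test false-positive probability used for the cutoffs
SAMPLE_BITS = 8         # each raw sample is one byte
ASSUMED_ENTROPY = 7.0   # hypothetical vendor claim: min-entropy per sample (assumption)


def rct_cutoff(h=ASSUMED_ENTROPY, alpha=ALPHA):
    """Repetition count cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h)


def apt_cutoff(window=512, h=ASSUMED_ENTROPY, alpha=ALPHA):
    """Adaptive proportion cutoff: smallest C with P[Binomial(window, 2^-H) >= C] <= alpha.

    The tail is computed directly from the binomial distribution (no lookup table).
    """
    p = 2.0 ** -h
    cdf = 0.0
    for k in range(window + 1):
        cdf += math.comb(window, k) * p ** k * (1.0 - p) ** (window - k)
        if 1.0 - cdf <= alpha:   # P[X >= k + 1] = 1 - P[X <= k]
            return k + 1
    return window + 1


def repetition_count_test(samples, cutoff=None):
    """Fail if any value repeats `cutoff` or more times in a row (stuck source)."""
    if cutoff is None:
        cutoff = rct_cutoff()
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def adaptive_proportion_test(samples, window=512, cutoff=None):
    """Fail if, in any non-overlapping window, the window's first value occurs
    `cutoff` or more times (heavily biased source)."""
    if cutoff is None:
        cutoff = apt_cutoff(window)
    for start in range(0, len(samples) - window + 1, window):
        w = samples[start:start + window]
        if w.count(w[0]) >= cutoff:
            return False
    return True


def health_check(samples):
    """Run both tests; a healthy source passes both."""
    return {"rct": repetition_count_test(samples),
            "apt": adaptive_proportion_test(samples)}


# --- constructed sample sources (stand-ins for real raw RNG output) ---

def seeded_source(n, seed=1):
    """Statistically clean bytes from a seeded PRNG, standing in for a healthy unit."""
    rng = random.Random(seed)
    return [rng.getrandbits(SAMPLE_BITS) for _ in range(n)]


def stuck_source(n, seed=1):
    """Unit whose noise source dies halfway through: output freezes on one value."""
    s = seeded_source(n, seed)
    s[n // 2:] = [s[n // 2]] * (n - n // 2)
    return s


def lcg_source(n, seed=1):
    """Deterministic LCG (Numerical Recipes constants) in place of a real noise
    source: the 'PRNG replacing the RNG' case, which passes the health tests."""
    x = seed
    out = []
    for _ in range(n):
        x = (1664525 * x + 1013904223) % 2 ** 32
        out.append(x >> (32 - SAMPLE_BITS))
    return out


if __name__ == "__main__":
    for name, src in (("healthy", seeded_source), ("stuck", stuck_source), ("lcg", lcg_source)):
        print(name, health_check(src(4096)))
```

The cutoffs are derived from the claimed entropy rather than hard-coded, so a lower vendor claim makes the tests more tolerant and a higher one stricter; what no cutoff changes is that a deterministic generator with a full-period state passes exactly like the healthy unit.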