[Cryptography] Auditing rngs

John Kelsey crypto.jmk at gmail.com
Tue Jan 21 16:41:00 EST 2014


> On Jan 21, 2014, at 4:18 PM, Thierry Moreau <thierry.moreau at connotech.com> wrote:
...
> You did not prove anything about the 512 bits entropy estimate. You merely postulated it. The deterministic process from (Ex,Ax) to keypairx may be audited like any other software logic implementation.

If the HSM's entropy estimates are correct, or the additional input has as much entropy as is postulated, then the DRBG gets to a secure starting point.  

There isn't any test you can do on entropy source outputs that will guarantee that they have some claimed amount of entropy, so your complaint seems kinda unavoidable beyond that.  

--John



> Regards,
> 
> -- 
> - Thierry Moreau
> 
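An added Python example, not from this thread and not anyone's DRBG: the expander, the seed derivation and the names are my own assumptions (SHA-256 in counter mode standing in for a real generator, not an SP 800-90A construction). It illustrates both points above: the seed gets at most the entropy its inputs actually carry, and a frequency test on the output passes for a 16-bit seed exactly as it does for a 256-bit one, while only an unmixed weak source fails it. The test measures the output's appearance, not the seed space behind it, which is what the entropy estimate has to capture.

```python
import hashlib
import math


def expand(seed: bytes, n_bytes: int) -> bytes:
    # Hypothetical hash-based expander standing in for a DRBG's generate step
    # (assumption: plain SHA-256 in counter mode, not a NIST SP 800-90A DRBG).
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n_bytes])


def derive_seed(entropy_input: bytes, additional_input: bytes) -> bytes:
    # Seed material = H(entropy_input || additional_input). The hash mixes the
    # inputs but cannot add entropy beyond what they carry.
    return hashlib.sha256(entropy_input + additional_input).digest()


def seed_entropy_bound(est_entropy_bits: float, est_additional_bits: float,
                       seedlen_bits: int = 256) -> float:
    # If the two inputs are independent and the estimates are right, their
    # min-entropies add; the seed can never hold more than its own length.
    return min(seedlen_bits, est_entropy_bits + est_additional_bits)


def monobit_pass(data: bytes, alpha: float = 0.01) -> bool:
    # Frequency (monobit) test in the style of NIST SP 800-22: is the share of
    # 1 bits within statistical noise of one half? True means "looks random".
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    p_value = math.erfc(s_obs / math.sqrt(2))
    return p_value >= alpha


def raw_counter_source(n_values: int) -> bytes:
    # Constructed weak source: a 16-bit counter emitted without any mixing.
    return b"".join(i.to_bytes(2, "big") for i in range(n_values))


# Constructed inputs: a seed drawn from only 2**16 possibilities, and a fixed
# 32-byte placeholder standing in for 256 bits of genuine entropy.
WEAK_SEED = (12345).to_bytes(2, "big")
STRONG_SEED = bytes(range(32))


def demo() -> dict:
    # Same test, same verdict for the weak and strong seeds once they are
    # hashed; only the unmixed counter is caught. The entropy figures come
    # from knowledge of the seed space, not from the output.
    n = 4096
    return {
        "weak_seed_passes_monobit": monobit_pass(expand(WEAK_SEED, n)),
        "strong_seed_passes_monobit": monobit_pass(expand(STRONG_SEED, n)),
        "raw_counter_passes_monobit": monobit_pass(raw_counter_source(n // 2)),
        "weak_seed_entropy_bits": math.log2(2 ** 16),
        "strong_seed_entropy_bits": 256.0,
        "seed_bound_512_bit_claim": seed_entropy_bound(512, 0),
        "seed_bound_16_bit_reality": seed_entropy_bound(16, 0),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design choice worth noting is `seed_entropy_bound`: a 512-bit estimate on the entropy input is capped by the 256-bit seed, and a 16-bit reality stays 16 bits no matter how uniform the expanded output looks. An auditor can verify the deterministic path from inputs to seed, as the quoted message says, but the estimate feeding `seed_entropy_bound` has to come from an analysis of the source itself.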

