[Cryptography] The world's most secure TRNG

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Sep 28 23:27:04 EDT 2014


Bill Cox <waywardgeek at gmail.com> writes:

>I have a quick question for you guys.  For a USB stick TRNG, would you rather
>pay ~$15 for a 100K-byte/second source of true entropy, or ~$30 for a 1M-
>byte/second source?

Since 99.9% of consumers of crypto random numbers will max out at about 128
bits a minute (generating an AES session key every now and then), I'd go for
cost as the main driver.

(Some time ago a large, multibillion-dollar telco asked its general-public
(not commercial) users to rate in order of importance the qualities they
wanted in the service that they provided.  The results were:

1. Cost.
2. Cost.
3. Cost.
4.
5.
6.
7.
8.
9.
10.

They didn't care about reliability [0], availability [0], value-added 
services, the quality of the helpdesk support, whether the ISP tried to filter 
out malware, or anything else, if they saw a competitor that was $5/month 
cheaper then they wanted to know why, and when their bill was going to be 
reduced.  This proved quite distressing to The Mgt., who had put a lot of 
effort into telling potential customers what a fine telco they were, even if 
they weren't necessarily the cheapest).

Having said that, it depends what your market is. These guys:

http://www.idquantique.com/component/content/article.html?id=9

sell quantum RNGs (true quantum RNGs, they document the physics package in a
paper somewhere).  Their target market is things like casinos, so it doesn't
matter if they cost $1K each.

What's your target market?

Peter.

[0] That is, they'd complain if there were issues, but they didn't see it as a
    factor in deciding on which ISP to go with.
    
    (This footnote has two references to it so please read it twice to make
    sure the garbage-collector can mark it as unused later).


More information about the cryptography mailing list