[Cryptography] The world's most secure TRNG

Philipp Gühring pg at futureware.at
Tue Sep 30 03:28:58 EDT 2014


Hi Ian,

> If we (the buyer/user) are serious enough about using a hardware part
> then that means we don't trust other parts.  Which also means we don't
> trust your part.  So we have to construct a mixer/PRNG that takes
> inputs
> from a number of collectors.  Your collector being one of them, thanks
> muchly, and it should be fully uncorrelated with the others.

Yes!
 
> Then, because we mix and then plug the result into a PRNG, which
> typically is guaranteed to have a whitened output, there is no need to
> whiten your collector output.

Yes!

> However, because most devs won't understand the above argument, if you
> actually supply an unwhitened RNG then geeks will look at it and decide
> that because they see certain biases in it then it must be broken!  And
> broken they will call it.  And broken will be your sales.

Yes!

> So from a marketing point of view you should put a whitener on the
> part.

Yes!

But when you do that, (like Intel did with their RdRand), people will
accuse you of providing malicious randomness that they can't audit
anymore, since you whitened it.

Has anyone found a solution to that paradox yet?

I recently heard about a funny concept, to attach your application as a
PDF attachment into a PDF that contains the documentation for your
application, so that none of your users can claim that he did not
read/find the documentation, since there is no other way to get your
software than to open that PDF documentation and getting your software
from there.
Perhaps a way would be to build the RNG in a way that it needs some
special activation code being sent in before it actually turns on, and to
make sure that the activation code is only known when the user has read
the documentation, which states how the whitener has to be implemented if
the user implements his own driver, 

Best regards,
Philipp
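The mixer-then-PRNG design that Ian describes and Philipp agrees with, as an added worked example (this is not code from either poster, and not any vendor's driver). It assumes a stand-in "collector" that is a deterministic, deliberately biased bit source constructed here so the script runs offline, a SHA-256 pool that domain-separates each collector's contribution, and a minimal HMAC_DRBG-style generator simplified from NIST SP 800-90A (no reseed or prediction-resistance logic). The monobit check shows the point of the thread: the raw collector visibly fails a trivial bias test, while the mixed and whitened output does not, even though the raw source was never whitened on its own.

```python
import hashlib
import hmac


def monobit_bias(data: bytes) -> float:
    """Fraction of 1 bits in data; an unbiased source sits near 0.5."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def biased_collector(label: bytes, nbytes: int, p_one: float = 0.7) -> bytes:
    """Constructed stand-in for a raw hardware collector (assumption, not a real part).

    Bits are derived from SHA-256 in counter mode and then biased so that
    each bit is 1 with probability roughly p_one, mimicking an unwhitened
    source that a naive reviewer would call 'broken'.
    """
    threshold = int(p_one * 256)
    out = bytearray()
    bits = []
    counter = 0
    while len(out) < nbytes:
        block = hashlib.sha256(label + counter.to_bytes(8, "big")).digest()
        counter += 1
        for b in block:
            bits.append(1 if b < threshold else 0)
            if len(bits) == 8:
                out.append(int("".join(map(str, bits)), 2))
                bits.clear()
                if len(out) == nbytes:
                    break
    return bytes(out)


class EntropyMixer:
    """Hash-based pool combining several collectors into one seed."""

    def __init__(self) -> None:
        self._pool = hashlib.sha256()

    def add(self, source_id: str, raw: bytes) -> None:
        # Domain-separate each collector by id and length so that two sources
        # cannot be confused with one source emitting their concatenation.
        self._pool.update(source_id.encode() + len(raw).to_bytes(4, "big") + raw)

    def seed(self) -> bytes:
        return self._pool.digest()


class HmacDrbg:
    """Minimal HMAC_DRBG-style generator (SHA-256); simplified from SP 800-90A."""

    def __init__(self, seed: bytes) -> None:
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes) -> None:
        self.K = hmac.new(self.K, self.V + b"\x00" + data, hashlib.sha256).digest()
        self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
        if data:
            self.K = hmac.new(self.K, self.V + b"\x01" + data, hashlib.sha256).digest()
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()

    def generate(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
            out += self.V
        self._update(b"")
        return out[:nbytes]


def whitened_output(sources, nbytes: int) -> bytes:
    """Mix every (source_id, raw_bytes) pair, then draw nbytes from the DRBG."""
    mixer = EntropyMixer()
    for source_id, raw in sources:
        mixer.add(source_id, raw)
    return HmacDrbg(mixer.seed()).generate(nbytes)


if __name__ == "__main__":
    raw_a = biased_collector(b"collector-A", 4096)
    raw_b = biased_collector(b"collector-B", 4096)
    print("raw collector bias:", round(monobit_bias(raw_a), 3))
    out = whitened_output([("A", raw_a), ("B", raw_b)], 4096)
    print("mixed+whitened bias:", round(monobit_bias(out), 3))
```

Because the DRBG seed is a hash over every collector's contribution, changing any single source (including the vendor's part) changes the whole output stream; that is what lets the user keep the collector as one input among several without having to trust it alone, and the raw, unwhitened feed remains available for separate statistical auditing.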


