[Cryptography] The world's most secure TRNG

Natanael natanael.l at gmail.com
Tue Sep 30 07:03:34 EDT 2014


Den 30 sep 2014 09:55 skrev "Philipp Gühring" <pg at futureware.at>:
>
> > So from a marketing point of view you should put a whitener on the
> > part.
>
> Yes!
>
> But when you do that, (like Intel did with their RdRand), people will
> accuse you of providing malicious randomness that they can't audit
> anymore, since you whitened it.
>
> Has anyone found a solution to that paradox yet?

Auditable whitening?

Allow the user to verify that the whitener follows the specification by
being able to access the raw RNG output (hardware switch or cables
required?) and to feed the whitener with their own arbitrary data for
verification.

Once you're confident the whitener behaves as specified, you just leave it
on as intended.

Intel got criticized for not even allowing access to the raw output before
the whitener, at all. So for all you know it might be running a stream
cipher or a counter through a hash function.
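The two audit paths proposed above (compare the raw tap against the whitened output, and push chosen data through the whitener and compare against the published spec), modelled as an added example that is not code from the thread. The SHA-256-per-64-byte-block conditioning spec, the HonestTRNG/CounterTRNG device classes and the audit() routine are all constructed here as assumptions; CounterTRNG stands in for the "counter through a hash function" device the post worries about.

```python
import hashlib
import os

BLOCK = 64  # raw bytes hashed into each 32-byte output block (assumed spec)

def spec_whitener(raw: bytes) -> bytes:
    """Published conditioning spec: SHA-256 over each BLOCK-byte chunk of raw bits."""
    if len(raw) % BLOCK:
        raise ValueError("raw input must be a multiple of BLOCK bytes")
    return b"".join(hashlib.sha256(raw[i:i + BLOCK]).digest()
                    for i in range(0, len(raw), BLOCK))

class HonestTRNG:
    """Hypothetical device whose whitener really applies the spec to its raw entropy."""
    def __init__(self, raw_source=os.urandom):
        self._raw_source = raw_source
        self.raw_tap = b""  # what the hardware raw-output switch exposes
    def read(self, nblocks: int) -> bytes:
        raw = self._raw_source(nblocks * BLOCK)
        self.raw_tap = raw
        return spec_whitener(raw)
    def whiten(self, data: bytes) -> bytes:
        # Audit port: condition caller-supplied data instead of live entropy
        return spec_whitener(data)

class CounterTRNG(HonestTRNG):
    """Hypothetical device that emits SHA-256 of a secret counter, ignoring entropy."""
    def __init__(self, raw_source=os.urandom, seed=b"vendor-secret"):
        super().__init__(raw_source)
        self._seed, self._ctr = seed, 0
    def _fake(self, nblocks: int) -> bytes:
        out = b""
        for _ in range(nblocks):
            out += hashlib.sha256(self._seed + self._ctr.to_bytes(8, "big")).digest()
            self._ctr += 1
        return out
    def read(self, nblocks: int) -> bytes:
        self.raw_tap = self._raw_source(nblocks * BLOCK)  # raw tap alone looks healthy
        return self._fake(nblocks)
    def whiten(self, data: bytes) -> bytes:
        return self._fake(len(data) // BLOCK)

def audit(dev: HonestTRNG, nblocks: int = 4) -> dict:
    """Both checks from the post; each must be True for a trustworthy whitener."""
    out = dev.read(nblocks)
    raw_ok = out == spec_whitener(dev.raw_tap)              # check 1: raw tap vs output
    probe = bytes(i % 256 for i in range(nblocks * BLOCK))  # constructed known input
    probe_ok = dev.whiten(probe) == spec_whitener(probe)    # check 2: chosen input
    return {"raw_matches_spec": raw_ok, "probe_matches_spec": probe_ok}
```

Note that check 1 alone would pass a device that exposes genuine raw bits but whitens something else only if the output also matched; the counter device fails both because neither its output nor its audit port depends on the input it is given.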