[Cryptography] The world's most secure TRNG

Bill Cox waywardgeek at gmail.com
Tue Sep 30 15:58:46 EDT 2014


On Tue, Sep 30, 2014 at 7:03 AM, Natanael <natanael.l at gmail.com> wrote:

>
> Den 30 sep 2014 09:55 skrev "Philipp Gühring" <pg at futureware.at>:
> >
> > > So from a marketing point of view you should put a whitener on the
> > > part.
> >
> > Yes!
>
Thanks for that suggestion.  I'll whiten with some of the leftover gates.
How to do a decent job sounds like a fun problem.

> > But when you do that, (like Intel did with their RdRand), people will
> > accuse you of providing malicious randomness that they can't audit
> > anymore, since you whitened it.
> >
> > Has anyone found a solution to that paradox yet?
>
> Auditable whitening?
>
Will do!  I'll have the default power-on state be to whiten, while there
will be a simple value you write to the USB port to toggle whitening.

> Allow the user to verify that the whitener follows the specification by
> being able to access the raw RNG output (hardware switch or cables
> required?) and to feed the whitener with their own arbitrary data for
> verification.
>
> Once you're confident the whitener behaves as specified, you just leave it
> on as intended.
>
> Intel got criticized for not even allowing access to the raw output before
> the whitener, at all. So for all you know it might be running a stream
> cipher or a counter through a hash function.
>
What's worse, IMO, is that they claim an audit mode exists, and is used in
debug and also during device testing, but they won't let us know how to
activate it.

Bill
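The check Natanael proposes above, worked through as an added example (Python, not code from the thread or from Bill's device): a reference implementation of a specified whitener, and a conformance test a user could run once the device exposes both its raw output and a way to feed the whitener chosen input. Assumptions not in the original: the specified whitener is a von Neumann debiaser (cheap in gates, so a plausible fit for "leftover gates"), the device is modelled as a Python function taking raw bits, and the raw stream is a constructed, deterministically generated biased bit string standing in for real hardware output. The "opaque" device models the hash-of-counter suspicion voiced in the thread: its output looks random but does not match the spec, which only the conformance check can reveal.

```python
"""Added example (not from the thread): reference whitener + conformance
check against a device that exposes raw and whitened output."""
import hashlib


def von_neumann(bits):
    """Reference whitener (assumed spec): consume raw bits in pairs;
    01 -> 0, 10 -> 1, 00 and 11 are discarded. Output is unbiased if the
    raw bits are independent, whatever their bias."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]


def constructed_raw_bits(n, p_one=0.7, label=b"constructed-raw"):
    """Constructed stand-in for a biased hardware raw stream: each bit is 1
    with probability ~p_one, derived deterministically from a counter hash
    so the example runs offline and repeatably."""
    threshold = int(p_one * 256)
    out, counter = [], 0
    while len(out) < n:
        block = hashlib.sha256(label + counter.to_bytes(8, "big")).digest()
        out.extend(1 if b < threshold else 0 for b in block)
        counter += 1
    return out[:n]


def bias(bits):
    """Distance of the fraction of ones from 1/2."""
    return sum(bits) / len(bits) - 0.5


def honest_device(raw):
    """A device whose whitener follows the spec."""
    return von_neumann(raw)


def opaque_device(raw):
    """A device that ignores its raw input and emits a hash-of-counter
    stream (hypothetical): statistically perfect, but not the spec."""
    n_out = len(von_neumann(raw))
    out, counter = [], 0
    while len(out) < n_out:
        block = hashlib.sha256(b"hidden-key" + counter.to_bytes(8, "big")).digest()
        out.extend((b >> k) & 1 for b in block for k in range(8))
        counter += 1
    return out[:n_out]


def conforms(device, raw, probes=None):
    """Conformance check: the device's whitened output must equal the
    reference whitener on the device's own raw stream and on caller-chosen
    probe inputs whose correct answers are known in advance."""
    if probes is None:
        probes = [
            [0] * 64,            # all zeros  -> no output
            [0, 1] * 32,         # 01 pairs   -> all zeros
            [1, 0] * 32,         # 10 pairs   -> all ones
            [0, 0, 1, 1] * 16,   # 00/11 only -> no output
        ]
    return all(device(x) == von_neumann(x) for x in [raw] + probes)


if __name__ == "__main__":
    raw = constructed_raw_bits(20000)
    print("raw bias       %+.3f" % bias(raw))
    print("whitened bias  %+.3f" % bias(von_neumann(raw)))
    print("honest conforms:", conforms(honest_device, raw))
    print("opaque conforms:", conforms(opaque_device, raw))
```

Note that statistical tests alone cannot tell the two devices apart: both whitened streams look unbiased. Only feeding known input through the whitener and comparing against the published reference distinguishes the conforming device from the opaque one, which is exactly why raw access plus a test mode matters.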