[Cryptography] Photon beam splitters for "true" random number generation ?

dj at deadhat.com dj at deadhat.com
Mon Dec 14 14:53:30 EST 2015


>
> What's the point anyway? In a real system, there are lots of points
> *after* the actual generation of a random event where the bitstream
> may be compromised (and certification doesn't mean anything, as the
> certifiers are also your usual adversaries, and they are just a way
> for lawyers to point fingers at each other anyway, or, like most
> certifications, they are marketing hype to get upper-level management
> to sign off on expensive purchases.
>

While I tend to concur with the assessment that certification is more a
marketing tick box item, that doesn't mean it doesn't add value. I'm not
seeing any other 3rd party auditing capability that is doing a better job.
So certifications are about the only thing purchasing businesses have to
go on.

We paid for CRI to do an audit of ours and it proved invaluable, but
that's hardly a scalable solution or affordable and doesn't yield a
certification. We have a couple of NIST certs for a couple of our
products, but those are CAVS. The entropy assessment side is still ad-hoc,
not a part of CAVS and FIPS 140 requirements run counter to security
goals.

When I know I can sign up to the "Good guys who really know what they are
doing looked at this" certification, I'll be happier.

For now, NIST are slowly getting around to establishing reasonable tests.
I have high hopes and low expectations for the predictor tests that I
understand will be in the next draft of SP800-90B. The Markov test got
messed up in the last SP800-90B draft relative to the original algorithm
in the paper. Trying to make it more plug-and-play made it useless as an
analytic tool. You need to shmoo it across different sequence lengths and
group sizes to find the worst case. That parameterizability went away in
the SP800-90B draft.
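The parameter sweep the post is asking for, as an added example that is not part of the original message and not NIST's or anyone's reference code. It is a simplified first-order Markov min-entropy estimator of the editor's own construction: empirical initial and transition probabilities, then the most probable path of D = 128 symbols by dynamic programming. It deliberately omits the confidence-interval inflation the SP800-90B draft applies, so it illustrates the sweep over group sizes and sequence lengths rather than the certified test. The inputs (a repeating 0011 pattern and a seeded PRNG stream) are constructed for the demonstration; the function names and the 1/2/4/8-bit group sizes are the editor's choices.

```python
"""Simplified first-order Markov min-entropy estimator with a parameter sweep.

Added illustration, not code from the mailing-list post or from NIST.
No confidence-interval adjustment is applied, so the numbers are for
comparison across parameters only, not for certification.
"""
import math
import random
from collections import Counter

PATH_LENGTH = 128  # D: length of the most-probable path that is scored


def bits_to_symbols(bits, group_size):
    """Pack 0/1 ints into group_size-bit symbols (MSB first); a partial tail is dropped."""
    n = len(bits) // group_size
    syms = []
    for i in range(n):
        v = 0
        for b in bits[i * group_size:(i + 1) * group_size]:
            v = (v << 1) | b
        syms.append(v)
    return syms


def markov_min_entropy(symbols, group_size, path_length=PATH_LENGTH):
    """Min-entropy per *bit* from first-order Markov statistics of `symbols`.

    P[i]   = empirical frequency of symbol i
    T[i][j] = empirical probability that j follows i
    p_max  = probability of the most likely path of path_length symbols
    estimate per symbol = -log2(p_max) / path_length, then divided by group_size.
    """
    k = 1 << group_size
    n = len(symbols)
    counts = Counter(symbols)
    init = [counts[i] / n for i in range(k)]
    trans_counts = [[0] * k for _ in range(k)]
    for a, b in zip(symbols, symbols[1:]):
        trans_counts[a][b] += 1
    trans = []
    for i in range(k):
        row_total = sum(trans_counts[i])
        # A symbol seen only at the very end has no outgoing transitions: row stays 0.
        trans.append([c / row_total if row_total else 0.0 for c in trans_counts[i]])

    # Dynamic programming in log2 space: best[j] = log2 prob of the likeliest path ending in j.
    best = [math.log2(p) if p > 0 else -math.inf for p in init]
    for _ in range(path_length - 1):
        nxt = [-math.inf] * k
        for i in range(k):
            if best[i] == -math.inf:
                continue
            for j in range(k):
                if trans[i][j] > 0:
                    cand = best[i] + math.log2(trans[i][j])
                    if cand > nxt[j]:
                        nxt[j] = cand
        best = nxt
    log_pmax = max(best)
    per_symbol = -log_pmax / path_length
    # Rows with no outgoing transitions can make the chain sub-stochastic; clamp at 1 bit/bit.
    return min(per_symbol / group_size, 1.0)


def sweep_worst_case(bits, group_sizes=(1, 2, 4, 8), lengths=None):
    """Shmoo the estimator over symbol widths and prefix lengths.

    Returns (worst_min_entropy_per_bit, group_size, length) for the lowest estimate found.
    """
    if lengths is None:
        lengths = [len(bits) // 4, len(bits) // 2, len(bits)]
    worst = (math.inf, None, None)
    for g in group_sizes:
        for length in lengths:
            syms = bits_to_symbols(bits[:length], g)
            if len(syms) < 2:
                continue
            h = markov_min_entropy(syms, g)
            if h < worst[0]:
                worst = (h, g, length)
    return worst


# Constructed inputs: a period-4 pattern that is perfectly balanced bit by bit,
# and a seeded PRNG stream standing in for a "good" source of the same length.
PATTERN_BITS = [0, 0, 1, 1] * 1024
_rng = random.Random(20151214)
RANDOM_BITS = [_rng.getrandbits(1) for _ in range(4096)]

if __name__ == "__main__":
    for name, bits in (("0011 pattern", PATTERN_BITS), ("seeded PRNG", RANDOM_BITS)):
        for g in (1, 2, 4, 8):
            print(f"{name:12s} group={g}  H_min/bit={markov_min_entropy(bits_to_symbols(bits, g), g):.4f}")
        print(f"{name:12s} worst case (H, group, length) = {sweep_worst_case(bits)}")
```

The 0011 pattern is the point of the exercise: at group size 1 every bit-level transition is 0.5, so the fixed-parameter estimate reports nearly a full bit of min-entropy per bit, while at group size 2 the chain becomes deterministic and at group size 4 the estimate collapses to zero. Read the other direction with care as well: with only a few thousand bits, 8-bit symbols leave most transition rows with one or two observations, so wide groups produce artificially low estimates from sparse statistics rather than from real structure, which is why a sweep has to be paired with enough data at each parameter setting.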



More information about the cryptography mailing list