[Cryptography] Duh, why aren't most embedded TRNGs designed this way?

Ben Laurie benl at google.com
Fri May 21 17:02:51 EDT 2021


I'm not even sure why we're discussing this *again*, but...


On Fri, 21 May 2021 at 21:39, Joachim Strömbergson <joachim at strombergson.com>
wrote:

> Aloha!
>
> Kent Borg wrote on 2021-05-17 18:28:
> > The hard part about RNGs is that when they fail, they usually do so
> > silently.
>
> The standards, like SP 800-90, BSI A20/A31 actuall includes test to be
> run on-line to continuously monitor your entropy source [0]. One issue
> with some of these tests is that they may require quite a lot of data to
> "warm up".


Another issue is that a counter encrypted with a known AES key will pass
these tests.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210521/445fa499/attachment.htm>


More information about the cryptography mailing list