[115100] in cryptography@c2.net mail archive


Re: Toshiba shows 2Mbps hardware RNG

daemon@ATHENA.MIT.EDU (alex@alten.org)
Thu Feb 14 17:46:39 2008

From: alex@alten.org
To: pfarrell@pfarrell.com
Cc: cryptography@metzdowd.com
Date: Wed, 13 Feb 2008 20:38:49 -0800


> ----- Original Message -----
> From: "Pat Farrell" <pfarrell@pfarrell.com>
> To:
> Subject: Re: Toshiba shows 2Mbps hardware RNG
> Date: Sun, 10 Feb 2008 17:40:19 -0500
>
>
> Perry E. Metzger wrote:
> > pgut001@cs.auckland.ac.nz (Peter Gutmann) writes:
> >> I've always wondered why RNG speed is such a big deal for anything but a few
> >> highly specialised applications.
> >
> > Perhaps it isn't, but any hardware RNG is probably better than none
> > for many apps, and they've managed to put the whole thing in a quite
> > small bit of silicon. The speed is probably icing on the cake.
>
> One of the benefits of speed is that you can use cleanup code to
> control bias. Carl Ellison put some out on his website last century.
>
>

It is a HUGE win for designing a crypto system to have a really
fast (and good) HW RNG. Being able to generate 10-20,000 AES keys
per second means that you can engineer things that were impossible
to do otherwise.  You can generate as many keys as you like, throw
away keys after one-time use, treat them as ephemeral authentication
keys (say give a few million or so to a user), etc. Or you could
hand a sender 10 MBytes (less than a minute to generate), which then
can be used to create billions of keys (say using Ueli Maurer's
Bounded Storage Model).  The sender could then use each key to
uniquely encrypt (AES CTR) each message of a series of messages or
packets to a receiver (AES key setup is fast). No need for an IV or
worrying about message ordering (each one has a key id), or even the
compromise of a key or two.

Randomness is the most fundamental underpinning of a crypto system
and having lots of it on demand is really fabulous to have in our
system security design tool box.

- Alex
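The per-packet one-time-key scheme Alex sketches above (a shared block of random key material, one AES-CTR key per packet, a key id in the packet instead of an IV, delivery in any order, compromise of one key not touching the others), as an added example that is not part of the original post or of anything in this thread. It is written in Go against the standard library. Everything not in the post is my assumption: the 32-byte pool entry layout (16-byte AES-128 key followed by a 16-byte HMAC key), the packet format (8-byte big-endian key id, then ciphertext, then an HMAC-SHA256 tag), all type and function names, and the OS CSPRNG standing in for the hardware RNG. The pool is indexed directly rather than expanded with Maurer's Bounded Storage Model. The tag is an addition the post does not mention: raw CTR lets an attacker flip plaintext bits undetected, and without a tag a forged packet could also burn an unused key id on the receiver.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed pool layout: each 32-byte entry is a 16-byte AES-128 key then a 16-byte HMAC key.
const entrySize, idSize, tagSize = 32, 8, sha256.Size

// KeyPool is the shared block of random key material plus one-time-use bookkeeping.
type KeyPool struct {
	entries [][]byte
	used    []bool // set once an id has been sealed or successfully opened
}

// PoolFromBytes wraps key material both parties already hold (the HW RNG output in the post).
func PoolFromBytes(buf []byte) (*KeyPool, error) {
	if len(buf) == 0 || len(buf)%entrySize != 0 {
		return nil, errors.New("pool must be a non-empty multiple of 32 bytes")
	}
	n := len(buf) / entrySize
	p := &KeyPool{entries: make([][]byte, n), used: make([]bool, n)}
	for i := range p.entries {
		p.entries[i] = buf[i*entrySize : (i+1)*entrySize]
	}
	return p, nil
}

// keys returns the still-unused AES and HMAC keys for id; the entry index is the key id.
func (p *KeyPool) keys(id uint64) (encKey, macKey []byte, err error) {
	if id >= uint64(len(p.entries)) {
		return nil, nil, errors.New("key id out of range")
	}
	if p.used[id] {
		return nil, nil, errors.New("key id already consumed")
	}
	return p.entries[id][:16], p.entries[id][16:], nil
}

// ctrXOR runs AES-CTR with an all-zero counter block. Safe only because each key
// encrypts exactly one packet, which is why no IV has to travel with the packet.
func ctrXOR(key, dst, src []byte) {
	block, _ := aes.NewCipher(key) // cannot fail: the pool layout fixes the key length at 16
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(dst, src)
}

// Seal encrypts msg under entry id and retires that id. Packet: id || ciphertext || tag.
func (p *KeyPool) Seal(id uint64, msg []byte) ([]byte, error) {
	encKey, macKey, err := p.keys(id)
	if err != nil {
		return nil, err
	}
	p.used[id] = true
	pkt := make([]byte, idSize+len(msg), idSize+len(msg)+tagSize)
	binary.BigEndian.PutUint64(pkt[:idSize], id)
	ctrXOR(encKey, pkt[idSize:], msg)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(pkt) // the tag covers the id as well as the ciphertext
	return mac.Sum(pkt), nil
}

// Open verifies the tag, decrypts, and retires the id. Packets may arrive in any
// order; a second packet carrying an already-used id is rejected as a replay.
func (p *KeyPool) Open(pkt []byte) (uint64, []byte, error) {
	if len(pkt) < idSize+tagSize {
		return 0, nil, errors.New("packet too short")
	}
	id := binary.BigEndian.Uint64(pkt[:idSize])
	encKey, macKey, err := p.keys(id)
	if err != nil {
		return 0, nil, err
	}
	body, tag := pkt[:len(pkt)-tagSize], pkt[len(pkt)-tagSize:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return 0, nil, errors.New("bad tag") // id stays unused: a forgery cannot burn the key
	}
	p.used[id] = true
	pt := make([]byte, len(body)-idSize)
	ctrXOR(encKey, pt, body[idSize:])
	return id, pt, nil
}

func main() {
	shared := make([]byte, 3*entrySize) // OS CSPRNG here; in practice handed over out of band
	rand.Read(shared)
	sender, _ := PoolFromBytes(shared)
	receiver, _ := PoolFromBytes(shared)
	p1, _ := sender.Seal(1, []byte("second packet"))
	p0, _ := sender.Seal(0, []byte("first packet"))
	for _, pkt := range [][]byte{p1, p0} { // delivered out of order
		id, pt, err := receiver.Open(pkt)
		fmt.Println(id, string(pt), err)
	}
}
```

Two things the post leaves implicit and this code makes visible: the pool bounds the number of packets (3 entries here, so a fourth Seal fails), and the used[] state is what keeps a key from ever being reused, so it has to survive a restart on both ends or the zero-IV shortcut stops being safe. A key compromised after use exposes only its own packet, which is the property Alex is after.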


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
