[12981] in cryptography@c2.net mail archive


Re: Via puts RNGs on new processors

daemon@ATHENA.MIT.EDU (Don Davis)
Tue Apr 8 15:49:09 2003

X-Original-To: cryptography@wasabisystems.com
In-Reply-To: <87fzot9d10.fsf@snark.piermont.com>
Date: Tue, 8 Apr 2003 14:41:15 -0400
From: Don Davis <don@mit.edu>
To: cryptography@wasabisystems.com

At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
> FYI, it appears that Cryptography Research has
> done an evaluation on the RNG. See:
> http://www.cryptography.com/resources/whitepapers/index.html

a one-time evaluation of the RNG's design and of
its output isn't really enough.  there are three
related issues, which arise because effective and
thorough TRNG testing is too expensive:

  * production-line QA:  with modern chip-fab
    technology, salable chip yields aren't 100%.
    each chip gets run through a validation test,
    to make sure that its various functions work
    correctly, and a lot of chips get scrapped
    because of validation failures.  unfortunately,
    thorough validation of each chip's TRNG would
    take too long (generate some bulk of random
    bits, do a few hours or days of CPU-intensive
    statistical computations...).

  * surely, vendors are going to be unwilling to
    discard a chip whose CPU and on-board memory
    work, but whose TRNG doesn't work.  the vendor
    might bother to disable the TRNG circuits,
    and then sell the faulty chips at a reduced
    price for non-crypto applications.  but i
    expect that most vendors won't bother, but
    will silently sell the TRNGs as-is.

  * detection of run-time TRNG failures:  how
    will the CPU or operating system detect that
    the TRNG has stopped working properly?  surely,
    neither the CPU nor the OS is going to spontaneously
    sample and test the TRNG's output
    for randomness failures, because proper RNG
    testing is computationally expensive.

				- don davis, boston
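The third issue above, run-time detection of a TRNG that has stopped working, is the one that cheap online checks can address. As an added example (not from this post, and not Via's or Cryptography Research's code), here is the repetition count test from NIST SP 800-90B section 4.4.1: a per-sample check costing one compare and one increment, so a driver can run it on every sample. The scanned stream is constructed, not real TRNG output, and the entropy claim H = 8 bits per byte is an assumption for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Repetition Count Test (NIST SP 800-90B, 4.4.1): a per-sample check that
   catches a TRNG stuck on one value at the cost of a compare and an add. */
typedef struct {
    uint8_t  last;    /* previous sample */
    unsigned run;     /* length of the current run of identical samples */
    unsigned cutoff;  /* run length that signals failure */
    int      started; /* 0 until the first sample has been seen */
} rct_t;
/* Cutoff C = 1 + ceil(-log2(alpha) / H), alpha = 2^-20, H = min-entropy
   bits claimed per 8-bit sample; H = 8 gives C = 4 (ceil done without libm). */
unsigned rct_cutoff(double h_bits) {
    double q = 20.0 / h_bits; unsigned c = (unsigned)q;
    return 1u + (c < q ? c + 1u : c);
}
/* Feed one sample; returns 1 once the run reaches the cutoff, else 0. */
int rct_feed(rct_t *s, uint8_t x) {
    if (!s->started || x != s->last) { s->started = 1; s->last = x; s->run = 1; }
    else s->run++;
    return s->run >= s->cutoff;
}
/* Scan a buffer; return the index of the first failing sample, or -1. */
long rct_scan(const uint8_t *buf, size_t n, double h_bits) {
    rct_t s = {0, 0, rct_cutoff(h_bits), 0};
    for (size_t i = 0; i < n; i++) if (rct_feed(&s, buf[i])) return (long)i;
    return -1;
}

/* Constructed stand-in for TRNG output (not random): byte i is 37*i mod 256,
   so neighbours always differ; from index stuck_at (if >= 0) every byte is 0x00. */
void fill_stream(uint8_t *buf, size_t n, long stuck_at) {
    for (size_t i = 0; i < n; i++)
        buf[i] = (stuck_at >= 0 && (long)i >= stuck_at) ? 0x00 : (uint8_t)(37u * i);
}

/* Build a 256-byte constructed stream and report where the RCT first fails. */
long demo_fail_index(long stuck_at) {
    uint8_t buf[256];
    fill_stream(buf, sizeof buf, stuck_at);
    return rct_scan(buf, sizeof buf, 8.0);
}

int main(void) {
    printf("healthy stream: fail index %ld\n", demo_fail_index(-1));  /* -1 */
    printf("stuck stream:   fail index %ld\n", demo_fail_index(100)); /* 103 */
    return 0;
}
```

This only catches the stuck-at failure class; it is a continuous sanity check, not a replacement for the offline statistical testing the post says vendors cannot afford per chip.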


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
