[12984] in cryptography@c2.net mail archive

Re: Via puts RNGs on new processors

daemon@ATHENA.MIT.EDU (t.c.jones@att.net)
Tue Apr 8 16:10:29 2003

X-Original-To: cryptography@wasabisystems.com
From: t.c.jones@att.net
To: Don Davis <don@mit.edu>
Cc: cryptography@wasabisystems.com
Date: Tue, 08 Apr 2003 20:02:53 +0000

FIPS certification requires certain minimal tests of RNG functionality every 
time the process is started.  ..tom

> At 12:20 PM -0400 4/8/03, Perry E. Metzger wrote:
> > FYI, it appears that Cryptography Research has
> > done an evaluation on the RNG. See:
> > http://www.cryptography.com/resources/whitepapers/index.html
> 
> a one-time evaluation of the RNG's design and of
> its output isn't really enough.  there are three
> related issues, which arise because effective and
> thorough TRNG testing is too expensive:
> 
>   * production-line QA:  with modern chip-fab
>     technology, salable chip yields aren't 100%.
>     each chip gets run through a validation test,
>     to make sure that its various functions work
>     correctly, and a lot of chips get scrapped
>     because of validation failures.  unfortunately,
>     thorough validation of each chip's TRNG would
>     take too long (generate some bulk of random
>     bits, do a few hours or days of CPU-intensive
>     statistical computations...).
> 
>   * surely, vendors are going to be unwilling to
>     discard a chip whose CPU and on-board memory
>     work, but whose TRNG doesn't work.  the
>     vendor might bother to disable the TRNG circuits,
>     and then sell the faulty chips at a reduced
>     price for non-crypto applications.  but i
>     expect that most vendors won't bother, but
>     will silently sell the TRNGs as-is.
> 
>   * detection of run-time TRNG failures:  how
>     will the CPU or operating system detect that
>     the TRNG has stopped working properly?  surely,
>     neither the CPU nor the OS is going to
>     spontaneously sample and test the TRNG's output
>     for randomness failures, because proper RNG
>     testing is computationally expensive.
> 
> 				- don davis, boston
> 
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
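
Added example, not part of the original thread: a C implementation of the kind of inexpensive start-up check the reply refers to, using three of the FIPS 140-2 statistical RNG tests (monobit, poker, long run) on one 20,000-bit sample. The thresholds are taken from FIPS 140-2 rather than from the thread, the runs test is omitted, and the function names and constructed test patterns are assumptions made for illustration.

```c
#include <stdio.h>

#define SAMPLE_BYTES 2500          /* 20,000 bits, the FIPS 140-2 sample size */
enum { FAIL_MONOBIT = 1, FAIL_POKER = 2, FAIL_LONGRUN = 4 };

/* Returns 0 if the sample passes, else a bitmask of the failed tests.
   Thresholds are the FIPS 140-2 limits (an assumption; not in the thread). */
int rng_powerup_test(const unsigned char *buf)
{
    long ones = 0, nib[16] = {0}, sumsq = 0;
    int run = 0, longest = 0, prev = -1, fail = 0;

    for (int i = 0; i < SAMPLE_BYTES; i++) {
        nib[buf[i] >> 4]++;                 /* poker: count 4-bit values */
        nib[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {      /* walk the bits, MSB first */
            int bit = (buf[i] >> b) & 1;
            ones += bit;                    /* monobit: count the ones */
            run = (bit == prev) ? run + 1 : 1;
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    for (int k = 0; k < 16; k++) sumsq += nib[k] * nib[k];
    double x = 16.0 / 5000.0 * (double)sumsq - 5000.0;

    if (ones <= 9725 || ones >= 10275) fail |= FAIL_MONOBIT;
    if (x <= 2.16 || x >= 46.17)       fail |= FAIL_POKER;
    if (longest >= 26)                 fail |= FAIL_LONGRUN;
    return fail;
}

/* Constructed sample: every byte is `fill`, or a byte counter if fill < 0. */
int test_pattern(int fill)
{
    unsigned char buf[SAMPLE_BYTES];
    for (int i = 0; i < SAMPLE_BYTES; i++)
        buf[i] = (unsigned char)(fill < 0 ? i : fill);
    return rng_powerup_test(buf);
}

int main(void)
{
    printf("stuck-at-zero: %d\n", test_pattern(0x00));
    printf("0xAA repeated: %d\n", test_pattern(0xAA));
    printf("byte counter:  %d\n", test_pattern(-1));
    return 0;
}
```

The byte counter passes all three checks although it is entirely predictable, so a test of this size catches gross failures such as a stuck output rather than certifying randomness.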