[13004] in cryptography@c2.net mail archive
Re: Via puts RNGs on new processors
daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu Apr 10 11:06:10 2003
X-Original-To: cryptography@wasabisystems.com
Date: Wed, 09 Apr 2003 20:26:13 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: David Wagner <daw@mozart.cs.berkeley.edu>
Cc: cryptography@wasabisystems.com
In-Reply-To: <b71dph$roa$1@abraham.cs.berkeley.edu>
David Wagner wrote:
> Ian Grigg wrote:
>
>>My world view would be that there is no such
>>thing as an acceptable off-the-shelf RNG.
>
>
> Why not? You rely on an off-the-shelf CPU, don't you?
> The CPU must be trusted just as much as the RNG.
>
>
>>If one is relying on some commercially acceptable
>>rating, then one has also to ensure that the
>>entire distribution chain - how you got that
>>chip - is also safe. If there are such things
>>as "good" Via chips alongside "bad" Via chips,
>>how do we know that a bad chip wasn't substituted
>>in at the last moment?
>
>
> Do you worry about this for your CPU? If not, why should
> the RNG component of your CPU be any different?
It seems clear to me that it's hard to subvert a general CPU such that it
does predictable damage to randomness. However, the same cannot be said
about a hardware RNG.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com