[145330] in cryptography@c2.net mail archive


Re: Intel to also add RNG

daemon@ATHENA.MIT.EDU (Paul Wouters)
Mon Jul 12 17:38:27 2010

Date: Mon, 12 Jul 2010 15:37:45 -0400 (EDT)
From: Paul Wouters <paul@xelerance.com>
To: Eric Murray <ericm@lne.com>
cc: cryptography@metzdowd.com, cypherpunks@al-qaeda.net
In-Reply-To: <20100712173638.GA26794@slack>

On Mon, 12 Jul 2010, Eric Murray wrote:

> Then there's FIPS- current 140 doesn't have a provision for HW RNG.
> They certify software RNG only, presumably because proving a HW RNG to be
> random enough is very difficult.   So what's probably the primary market
> (companies who want to meet FIPS) isn't available.

So you can do HWRNG -> SWRNG -> FIPS?

Which is what you should do anyway, in case of a hardware failure. I
know the Linux intel-rng and amd-rng used to produce nice series of
zeros. The padlock rng has never produced warnings piping it through
rngd.

> So while I think it'd be great to have a decent RNG on chip
> (no more blocking on /dev/random!) I don't see it being much of
> a market advantage and would not be surprised if it never makes it into
> a shipping product.

With every phone doing crypto these days, I'd think you are wrong. Also,
the VIA PadLock already ships with an HWRNG on die. It's been shipping
for years.

Paul
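
The HWRNG -> SWRNG -> FIPS path discussed above, with the health tests rngd applies before a hardware block reaches the pool, as an added example (not code from the thread, rng-tools or the kernel): it runs the four FIPS 140-2 statistical tests (monobit, poker, runs, long run) on a 20000-bit block and mixes only passing blocks into a simplified SHA-256 pool, so a source that has failed into a stream of zeros is rejected instead of being fed to consumers. Assumptions of this example: LSB-first bit order, a toy hash-chain pool standing in for the kernel's, and a constructed all-zero sample.

```python
import hashlib

BLOCK_BYTES = 2500  # 20000 bits: the FIPS 140-2 statistical test block size
# Accepted count of runs per length (key 6 means "6 or longer") for each bit value.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def health_check(block):
    """Names of the FIPS 140-2 tests a 2500-byte block fails (bits taken LSB-first)."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("need exactly 20000 bits")
    bits = [(b >> i) & 1 for b in block for i in range(8)]
    failed = []
    # Monobit: a healthy source gives close to 10000 ones per block.
    if not 9725 < sum(bits) < 10275:
        failed.append("monobit")
    # Poker: chi-square over the 5000 four-bit nibbles.
    counts = [0] * 16
    for i in range(0, 20000, 4):
        counts[bits[i] | bits[i + 1] << 1 | bits[i + 2] << 2 | bits[i + 3] << 3] += 1
    poker = 16 / 5000 * sum(c * c for c in counts) - 5000
    if not 2.16 < poker < 46.17:
        failed.append("poker")
    # Runs and long run: count maximal runs of each bit value by length.
    runs = {0: dict.fromkeys(RUN_LIMITS, 0), 1: dict.fromkeys(RUN_LIMITS, 0)}
    longest = i = 0
    while i < 20000:
        j = i
        while j < 20000 and bits[j] == bits[i]:
            j += 1
        runs[bits[i]][min(j - i, 6)] += 1
        longest = max(longest, j - i)
        i = j
    if any(not lo <= runs[v][k] <= hi for v in (0, 1)
           for k, (lo, hi) in RUN_LIMITS.items()):
        failed.append("runs")
    if longest >= 26:  # a stuck source shows up here immediately
        failed.append("long_run")
    return failed

def feed_pool(pool_state, block):
    """Mix a hardware block into a toy SHA-256 pool only if it passes; a failing
    block leaves the pool untouched. Returns (new_state, failures)."""
    failures = health_check(block)
    if failures:
        return pool_state, failures
    return hashlib.sha256(pool_state + block).digest(), []

# Constructed sample of a failed HWRNG emitting only zeros, as in the thread.
STUCK_SOURCE = bytes(BLOCK_BYTES)
```

A live source can be checked the same way by passing 2500 bytes read from the device node to `feed_pool`; an alternating 0xAA stream passes monobit yet still fails the poker and runs tests.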

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
