[6559] in cryptography@c2.net mail archive
Re: [PGP]: PGP 6.5.2 Random Number Generator (RNG) support
daemon@ATHENA.MIT.EDU (bram)
Wed Feb 2 19:48:46 2000
Date: Wed, 2 Feb 2000 16:18:40 -0800 (PST)
From: bram <bram@gawth.com>
To: Martin Minow <minow@pobox.com>
Cc: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>, cryptography@c2.net
In-Reply-To: <3898A5E9.D66B3596@pobox.com>
Message-ID: <Pine.LNX.4.10.10002021614150.13647-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 2 Feb 2000, Martin Minow wrote:
> > http://www.cryptography.com/intelRNG.pdf.
>
> The one problem I have with the RNG, based on my reading of the
> analysis, is that programmers cannot access the "raw" bitstream,
> only the stream after the "digital post-processing" that converts
> the bitstream into a stream of balanced 1 and 0 bits.
It not only does that, it hashes the thing using SHA-1. For all we know,
the thing might be producing unacceptably small amounts of entropy for
crypto purposes but large enough amounts that it hardly ever repeats.
The work on studying the output of Intel's RNG has only had access
to the post-processed output, plus I believe a file directly from Intel
which was claimed to be unprocessed output. Yeah ... right.
If Intel wants people to trust them, they should quit acting like they're
covering for bad engineering.
-Bram