[9427] in cryptography@c2.net mail archive


Re: chip-level randomness?

daemon@ATHENA.MIT.EDU (David Wagner)
Thu Sep 20 17:34:56 2001

X-Envelope-To: cryptography@wasabisystems.com
To: cryptography@wasabisystems.com
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 20 Sep 2001 20:49:43 GMT
Message-ID: <9odkp7$6tq$1@abraham.cs.berkeley.edu>
X-Complaints-To: news@abraham.cs.berkeley.edu

Bill Frantz wrote:
>At 2:17 PM -0700 9/19/01, Theodore Tso wrote:
>>It turns out that with the Intel 810 RNG, it's even worse because
>>there's no way to bypass the hardware "whitening" which the 810 chip
>>uses.
>
>Does anyone know what algorithm the "whitening" uses?

Just like von Neumann's unbiasing procedure, but with a few bits of
state instead of just one.  See Paul Kocher's analysis for the details.

In short, the whitening is only enough to reduce any biases in the raw
generator, not to remove them.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
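Editor's note (added example, not part of Wagner's post or of any Intel documentation): the message above refers to von Neumann's unbiasing procedure, so here is that procedure in Python, run against two constructed bit sources. The first is a memoryless source with P(1) = 0.8, the case von Neumann's argument assumes; the second is a two-state Markov chain (P(stay 0) = 0.9, P(stay 1) = 0.5), a source with memory. The sources, probabilities and helper names are my own choices for illustration; nothing here models the 810's actual whitener.

```python
import random


def von_neumann_debias(bits):
    """von Neumann's unbiasing procedure.

    Look at non-overlapping pairs of input bits: 01 -> emit 1, 10 -> emit 0,
    00 and 11 -> emit nothing.  A trailing unpaired bit is dropped.  If the
    input bits are independent with a fixed P(1) = p, each pair is 01 or 10
    with the same probability p(1-p), so the output is exactly unbiased and
    arrives at rate 2p(1-p) output bits per input pair.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(b)  # 01 -> 1, 10 -> 0
    return out


def iid_source(n, p_one, seed=1):
    """Constructed sample source: independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def markov_source(n, p_stay_zero, p_stay_one, seed=1):
    """Constructed sample source with memory: a two-state Markov chain that
    stays in state 0 with probability p_stay_zero and in state 1 with
    probability p_stay_one.  Starts in state 0."""
    rng = random.Random(seed)
    bits, state = [], 0
    for _ in range(n):
        stay = p_stay_zero if state == 0 else p_stay_one
        if rng.random() >= stay:
            state ^= 1
        bits.append(state)
    return bits


def fraction_ones(bits):
    return sum(bits) / len(bits) if bits else 0.0


def conditional_ones(bits):
    """Return (P(next = 1 | prev = 0), P(next = 1 | prev = 1)) estimated from
    consecutive bits; equal values mean no first-order serial correlation."""
    totals = {0: 0, 1: 0}
    ones = {0: 0, 1: 0}
    for prev, nxt in zip(bits, bits[1:]):
        totals[prev] += 1
        ones[prev] += nxt
    return ones[0] / totals[0], ones[1] / totals[1]


def demo(n=200_000):
    """Debias both sources and report what survives the procedure."""
    raw_iid = iid_source(n, 0.8)
    white_iid = von_neumann_debias(raw_iid)
    raw_markov = markov_source(n, 0.9, 0.5)
    white_markov = von_neumann_debias(raw_markov)
    return {
        "iid_raw_ones": fraction_ones(raw_iid),          # ~0.80 in
        "iid_white_ones": fraction_ones(white_iid),      # ~0.50 out
        "iid_output_rate": len(white_iid) / len(raw_iid),  # ~0.16 = 2*0.8*0.2/2
        "markov_white_ones": fraction_ones(white_markov),  # ~0.50: marginal looks fine
        "markov_white_cond": conditional_ones(white_markov),  # ~(0.58, 0.42): still correlated
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the second source: the marginal frequency of ones in the debiased output is still 0.5 (for any stationary two-state chain the pairs 01 and 10 occur equally often), so a simple monobit count would pass, yet P(next = 1 | previous = 1) works out to 5/12 and P(next = 1 | previous = 0) to 7/12 for these transition probabilities. The procedure only guarantees independent, unbiased output when its input is independent; the structure of the source passes through.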
