[9450] in cryptography@c2.net mail archive
Re: chip-level randomness?
daemon@ATHENA.MIT.EDU (Bram Cohen)
Sat Sep 22 19:04:52 2001
Date: Sat, 22 Sep 2001 09:46:43 -0700 (PDT)
From: Bram Cohen <bram@gawth.com>
To: Nomen Nescio <nobody@dizum.com>
Cc: cryptography@wasabisystems.com, tytso@MIT.EDU
In-Reply-To: <153e1a0c24d26b8e924d3841e93a5e57@dizum.com>
Message-ID: <Pine.LNX.4.21.0109220940280.10559-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 20 Sep 2001, Nomen Nescio wrote:
> If the internal circuitry did output a 60Hz sine wave then regularities
> would still be visible after this kind of whitener. It is a rather
> mild cleanup of the signal.
It does mask patterns to an extent, possibly pushing them inside the
margin for error of the sample size you happen to use in a test.
> It doesn't seem right to object to them including a bias remover.
> They have done other things to reduce bias. For example they use a pair
> of thermal resistors located next to each other on the chip and use the
> difference of the values from each of them, to reduce sensitivity to
> environmental influences. This reduces bias, but should they have left
> the differencing out so that you could more easily measure a possible
> influence?
It's important to have the two of them to get a good estimate of the
amount of entropy it's outputting, although it would also be good if both
row values were available to the CPU, for diagnostic purposes if nothing
else.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
