[117889] in Cypherpunks

home help back first fref pref prev next nref lref last post

In Chips We Trust: critical system design

daemon@ATHENA.MIT.EDU (Anonymous)
Tue Sep 14 11:21:46 1999

Date: Tue, 14 Sep 1999 17:01:25 +0200 (CEST)
Message-Id: <199909141501.RAA30596@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@algebra.com
Reply-To: Anonymous <nobody@replay.com>

At 05:30 AM 9/14/99 GMT, phelix@vallnet.com wrote:
>While I certainly agree, I wonder if someone at the Fab could change the
>recipe in some way that would introduce a subtle bias in a random number
>generator.  A little extra dopant is all it takes.

Not in a robust RNG design, because a good RNG is designed to tolerate
process, wafer, etc. variability.

Ie, there is enough redundancy in a good design.  Enough *safety margin*
built in the analog design, and in the digital hashing of raw bits.

There should always be start-time, and run-time checks
to assure that the RNG is healthy.   IIRC this is part
of fips140.   NB: Since the output
is hashed you have to look at the raw bits for a health
check.  (Listening Intel?)

You shouldn't be able to trash a bridge by changing
the carbon-doping level of the steel.  Because bridges
and other critical systems should be designed with big safety margins.  And
inspected periodically.  Much like a RNG.

GoldenGateMonger












  





home help back first fref pref prev next nref lref last post