[117889] in Cypherpunks
In Chips We Trust: critical system design
daemon@ATHENA.MIT.EDU (Anonymous)
Tue Sep 14 11:21:46 1999
Date: Tue, 14 Sep 1999 17:01:25 +0200 (CEST)
Message-Id: <199909141501.RAA30596@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@algebra.com
Reply-To: Anonymous <nobody@replay.com>

At 05:30 AM 9/14/99 GMT, phelix@vallnet.com wrote:
>While I certainly agree, I wonder if someone at the Fab could change the
>recipe in some way that would introduce a subtle bias in a random number
>generator. A little extra dopant is all it takes.

Not in a robust RNG design, because a good RNG is designed to tolerate
process, wafer, etc. variability.

I.e., there is enough redundancy in a good design. Enough *safety margin*
built into the analog design, and into the digital hashing of raw bits.

There should always be start-time and run-time checks
to assure that the RNG is healthy. IIRC this is part
of FIPS 140. NB: Since the output
is hashed, you have to look at the raw bits for a health
check. (Listening, Intel?)

You shouldn't be able to trash a bridge by changing
the carbon-doping level of the steel. Because bridges
and other critical systems should be designed with big safety margins. And
inspected periodically. Much like an RNG.

GoldenGateMonger
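
The point about checking raw bits rather than hashed output can be shown in a few lines. This is an added example, not part of the original post: the noise source is simulated with a seeded PRNG, SHA-256 and the 4:1 conditioning ratio are assumptions, and the bounds are those of the FIPS 140-1 monobit test.

```python
import hashlib
import random

# FIPS 140-1 monobit test: of 20,000 sampled bits, the number of ones
# must fall strictly between 9,654 and 10,346.
SAMPLE_BITS, LOW, HIGH = 20000, 9654, 10346
RATIO = 4  # assumed conditioning ratio: raw bits consumed per output bit

def raw_bits(p_one, n, seed):
    """Constructed stand-in for the analog noise source: n bits, P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def condition(bits):
    """Hash each block of 256*RATIO raw bits down to 256 output bits."""
    block, out = 256 * RATIO, []
    for i in range(0, len(bits) - block + 1, block):
        digest = hashlib.sha256(bytes(bits[i:i + block])).digest()
        for byte in digest:
            out.extend((byte >> k) & 1 for k in range(8))
    return out

def monobit_ok(bits):
    """Apply the monobit bounds to the first SAMPLE_BITS bits."""
    if len(bits) < SAMPLE_BITS:
        raise ValueError("need at least %d bits" % SAMPLE_BITS)
    return LOW < sum(bits[:SAMPLE_BITS]) < HIGH

def health_report(p_one, seed=1999):
    """Run the same check on the raw stream and on its hashed output."""
    blocks = -(-SAMPLE_BITS // 256)          # ceil: hash blocks needed
    raw = raw_bits(p_one, blocks * 256 * RATIO, seed)
    return {"raw": monobit_ok(raw), "hashed": monobit_ok(condition(raw))}

if __name__ == "__main__":
    for p in (0.50, 0.55):
        print("P(1)=%.2f" % p, health_report(p))
```

A source biased to 55% ones fails the check on its raw bits, while the hashed output of that same source still passes, so a check placed after the hash would not see the degradation.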