[This is getting tiresome. Unless someone has something *new* to say,
this is the end of the thread. --pm]

On 3 Feb 2000, lcs Mixmaster Remailer wrote:

> On Wed, 2 Feb 2000, Martin Minow wrote:
> 
> > > http://www.cryptography.com/intelRNG.pdf.
> > 
> > The one problem I have with the RNG, based on my reading of the
> > analysis, is that programmers cannot access the "raw" bitstream,
> > only the stream after the "digital post-processing" that converts
> > the bitstream into a stream of balanced 1 and 0 bits.
> 
> Why do you want this?  The post-processing is a simple Von Neumann bias
> remover that looks for 0-1 and 1-0 transitions (actually slightly more
> complex, looking at triplets of bits rather than pairs, but the same
> idea). 

Call me a conspiracy theorist if you will, but a test which reveals some
internal structure to a system gives me a much more warm and fuzzy feeling
than one which simply concludes 'It seems to work perfectly.' It may be
silly, but I tend to think people are much less likely to fake the former
than the latter.

> The benefit you would gain from being able to see this biased data
> must be balanced against the harm that will result from some people
> accidentally using it in the belief that it is secure.

Don't tell the kids about contraception either. It'll make them fuck like
bunnies.

> > The work on studying the output of Intel's RNG has only had access
> > to the post-processed output, plus I believe a file directly from Intel
> > which was claimed to be unprocessed output. Yeah ... right.
> 
> The post-processed output was processed via the Von Neumann bias remover,
> and that's the way the data comes off the chip. It is entirely appropriate
> to analyze such output in looking at the quality of the randomness
> produced by the chip.

From http://www.cryptography.com/intelRNG.pdf

<quote>

For this review, Cryptography Research performed a series of tests and
evaluated the results of experiments performed by Intel. Raw data and
design specifications for the analysis were provided by Intel.

</quote>

Does anybody know if Cryptography Research is re-running those tests on
data from an actual chip now? It's not like publishing a spec magically
makes all the tests which should be done with it happen, libertarian
precepts to the contrary.

> > If Intel wants people to trust them, they should quit acting like they're
> > covering for bad engineering.
> 
> So, what would satisfy you?  Kocher has published the theory of the
> device, but that's not good enough.  What more do you need? 

I'd like for the theory to be published with Intel's name on it, not
Kocher's, which someone else pointed out hasn't happened yet.

> Short of this level of monitoring, it is impossible to be sure that the
> chip in your computer is free of backdoors (and even then you have to
> worry about somebody sneaking into your house and swapping CPU boards on
> you).  Face it: no matter what they do, people are going to bitch, just
> like they do at every other crypto or security company in the industry.
> There's no satisfying some people.

Ad hominem attacks and claims of unfalsifiability being reasonable aside,
there is something which would make me happy.

Chip manufacturers reverse-engineer each other's stuff all the time. I'd
like one of Intel's competitors to publicly state 'We took apart a
Pentium III and its RNG really works the way Intel says.'

-Bram
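To make the two points argued above concrete (what a Von Neumann bias remover does, and why an auditor would still want the raw stream), here is a small simulation. It is an added example written for this archive page, not code from anyone in the thread, from Intel, or from the Cryptography Research report. It implements the classic pair-based Von Neumann debiaser (the thread notes Intel's version works on triplets, which is not reproduced here) and drives it with a constructed, seeded pseudo-random "hardware" source whose bias is set by hand; the source and the `p_one` / `seed` parameters are assumptions for illustration only.

```python
import random


def von_neumann_debias(bits):
    """Classic Von Neumann bias remover over non-overlapping pairs.

    01 -> emit 0, 10 -> emit 1, 00 and 11 -> discard.
    Assumes the input bits are independent; it cancels bias, not correlation.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)  # first bit of a transition pair carries the value
    return out


def biased_source(n, p_one, seed):
    """Constructed stand-in for a raw hardware bitstream with P(bit=1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def ones_fraction(bits):
    """Fraction of 1 bits; 0.5 means balanced."""
    return sum(bits) / len(bits) if bits else 0.0


def audit(raw):
    """What an auditor sees with raw access vs. post-processed access only.

    With only the whitened stream, a degraded source still looks balanced.
    With the raw stream, both the bias and the discard rate expose it.
    """
    whitened = von_neumann_debias(raw)
    return {
        "raw_ones": ones_fraction(raw),
        "whitened_ones": ones_fraction(whitened),
        # Expected yield is 2*p*(1-p) kept bits per raw pair; it collapses
        # as the source degrades, which is invisible in the output alone.
        "yield": len(whitened) / (len(raw) // 2),
    }


if __name__ == "__main__":
    for p in (0.5, 0.8, 0.95):
        r = audit(biased_source(200_000, p, seed=1))
        print(f"p_one={p:.2f}  raw_ones={r['raw_ones']:.3f}  "
              f"whitened_ones={r['whitened_ones']:.3f}  yield={r['yield']:.3f}")
```

Running it shows the whitened fraction sitting near 0.5 for every source while the raw fraction and the yield move with `p_one`; a source sliding from 0.5 toward 0.95 is obvious in the raw statistics and nearly invisible downstream of the debiaser. The comment in `von_neumann_debias` carries the other caveat a reviewer would raise: the construction only removes bias from independent bits, so correlated or stuck raw output is exactly the kind of "internal structure" that analysis of post-processed data cannot rule out.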
