Ted Ts'o writes:

>    Date: Tue, 10 Aug 1999 11:05:44 -0400
>    From: "Arnold G. Reinhold" <[EMAIL PROTECTED]>
>
>    A hardware RNG can also be added at the board level. This takes 
>    careful engineering, but is not that expensive. The review of the 
>    Pentium III RNG on www.cryptography.com seems to imply that Intel is 
>    only claiming patent protection on its whitening circuit, which is 
>    superfluous, if not harmful. If so, their RNG design could be copied.
>
> I've always thought there was a major opportunity for someone to come up
> with an ISA (or perhaps even a PCI) board which had one or more circuits
> (you want more than one for redundancy) that contained a noise diode
> hooked up to a digitizing circuit.  As long as the hardware interface
> was open, all of the hard parts of a hardware RNG could be done in
> software.

Everyone seems to be ignoring the fact that there will be a hardware RNG,
well designed and carefully analyzed, installed on nearly every Intel-based
system that is manufactured after 1999.  There is no need for a
third-party board, at least not on Intel architectures.

It is true that Intel has not yet released the specs for accessing the
chip, but software which uses it should start being available soon, and
it will not take long to discover the interface by analyzing the software.

Concern about scarce randomness will be largely obsolete within a couple
of years.  The world is full of randomness, it's just that there has been
no significant market for it until recently.  Now that Intel has shown
the way, other manufacturers will follow suit.  Within the next few years,
any system configured as a crypto server or gateway will have built-in
hardware RNGs provided by the manufacturer.  These will provide ample
randomness for cryptographic purposes.
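An added illustration, not part of this message or the quoted one, of the "hard parts in software" idea from the quoted text: a constructed stand-in for a digitized noise-diode bit stream (no real hardware is read), a repetition-count health test run on the raw bits before any conditioning, and von Neumann debiasing in place of an on-chip whitening circuit. The cutoff formula follows the SP 800-90B repetition count test; the 0.6 bias and the 20-bit failure bound are assumptions chosen for the demonstration.

```python
import math
import random

def von_neumann_debias(bits):
    """Consume raw bits in non-overlapping pairs: '01' -> 0, '10' -> 1,
    '00' and '11' are dropped.  Removes a constant per-bit bias without
    knowing the source's distribution; discards at least half the input."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]

def longest_run(bits):
    """Length of the longest run of identical consecutive bits."""
    best = run = 0
    prev = None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best

def health_cutoff(p_one):
    """Repetition-count cutoff 1 + ceil(20 / H) for a source whose
    min-entropy per bit is H = -log2(max(p, 1 - p)); H = 1 gives 21.
    A cutoff sized for an unbiased source would reject a merely
    biased one, so the assessed bias must feed the test."""
    h = -math.log2(max(p_one, 1.0 - p_one))
    return 1 + math.ceil(20.0 / h)

def repetition_count_ok(bits, cutoff=21):
    """Health test on the RAW stream: a run reaching `cutoff` signals a
    stuck or failed source.  This is only possible when the interface
    exposes unwhitened bits, which is why a hardware whitener hides faults."""
    return longest_run(bits) < cutoff

def ones_fraction(bits):
    return sum(bits) / len(bits) if bits else 0.0

def simulated_noise_source(n, p_one=0.6, seed=1):
    """Constructed stand-in for a digitized noise diode whose comparator
    threshold is off-centre, giving P(1) = p_one.  Not real hardware."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def condition(raw, cutoff=21):
    """Software RNG pipeline: health-check the raw bits, then debias.
    Returns (healthy, debiased_bits); an unhealthy source yields no output."""
    if not repetition_count_ok(raw, cutoff):
        return False, []
    return True, von_neumann_debias(raw)

if __name__ == "__main__":
    raw = simulated_noise_source(8000)
    ok, out = condition(raw, cutoff=health_cutoff(0.6))
    print(f"healthy={ok} raw P(1)={ones_fraction(raw):.3f} "
          f"debiased P(1)={ones_fraction(out):.3f} kept {len(out)}/{len(raw)} bits")
```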
