At 09:15 AM 02/02/2000 -0800, Eric Murray wrote:
>Until Intel releases the design for the RNG, I would treat it the same
>as any suspect source of entropy- assume that it can contain no
>entropy.  That means that you whiten its output before mixing it
>together with your other entropy sources (some of which you believe do
>provide real entropy) to provide random numbers.  

Doesn't this add one more level of isolation than you really need?
I'm reading your statement "whiten before mixing" as
        pool = hash1( pool, hash2(intelrng) )
as opposed to the presumably-safe-enough
        pool = hash1( pool, intelrng )
which mixes in the raw intelrng rather than whitening.
(Hash1 is abstractly whatever complex mixing process you've got,
including keys, multiple entropy sources, etc.)

Do you think there are attacks where this is really necessary,
assuming the pool is used in some hashed fashion rather than
exposed to the public directly?
                                Thanks! 
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
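To make the two constructions in the question concrete, here is an added example that is not part of the thread and not anyone's posted code. It stands in Bill's abstract hash1 with HMAC-SHA256 keyed by the current pool state, and hash2 with plain SHA-256; both choices, the pool layout, and the sample inputs are assumptions for illustration. It mixes a trusted sample and an attacker-controlled "suspect" sample (constant zeros, Eric's worst case of no entropy at all) with and without whitening, and counts whether the suspect source can collapse the trusted entropy. A small XOR-mixer variant is included as a contrast, showing that the whitening step starts to matter only when hash1 is a weak, invertible mixer.

```python
import hashlib
import hmac

# Added example (not from the thread).  hash1/hash2 are stand-ins for Bill's
# abstract mixers: hash1 = HMAC-SHA256 keyed by the current pool state,
# hash2 = SHA-256 of the raw sample.  Both choices are assumptions.


class EntropyPool:
    """Toy hash-based pool: pool = hash1(pool, sample), optionally whitened first."""

    def __init__(self) -> None:
        self.state = bytes(32)

    def mix(self, sample: bytes, whiten: bool = False) -> None:
        if whiten:
            sample = hashlib.sha256(sample).digest()                  # hash2(intelrng)
        self.state = hmac.new(self.state, sample, hashlib.sha256).digest()  # hash1(pool, ...)

    def extract(self, n: int = 32) -> bytes:
        """Hashed output, as the question assumes: the raw pool state is never exposed."""
        out = hashlib.sha256(b"extract" + self.state).digest()[:n]
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()  # ratchet so output leaks no state
        return out


def output_for(good: bytes, suspect: bytes, whiten: bool) -> bytes:
    """One output after mixing a trusted sample, then a suspect (e.g. Intel RNG) sample."""
    pool = EntropyPool()
    pool.mix(good)
    pool.mix(suspect, whiten=whiten)
    return pool.extract()


def distinct_outputs(good_samples, suspect: bytes, whiten: bool) -> int:
    """Number of distinct outputs across trusted samples while the suspect source is
    pinned to one attacker-chosen value.  If the suspect source could cancel the
    trusted entropy this would collapse; with a sound hash1 it stays at
    len(good_samples) whether or not the sample was whitened first."""
    return len({output_for(g, suspect, whiten) for g in good_samples})


def xor_mix_cancellable(good: bytes, whiten: bool) -> bool:
    """Contrast: if hash1 is merely XOR, an adversary who learns the pool state can
    feed a raw sample equal to it and zero the pool.  Whitening first turns that
    into a SHA-256 preimage problem, so the attack fails."""
    state = bytes(a ^ b for a, b in zip(bytes(32), hashlib.sha256(good).digest()))
    chosen = state                      # attacker picks the sample to equal the state
    if whiten:
        chosen = hashlib.sha256(chosen).digest()
    state = bytes(a ^ b for a, b in zip(state, chosen))
    return state == bytes(32)


# Constructed inputs: 64 trusted samples and an attacker-controlled suspect source
# that always emits zeros (Eric's assumption: treat it as carrying no entropy).
GOOD_SAMPLES = [f"trusted-sample-{i}".encode() for i in range(64)]
ATTACKER_ZEROS = bytes(32)

if __name__ == "__main__":
    for whiten in (False, True):
        n = distinct_outputs(GOOD_SAMPLES, ATTACKER_ZEROS, whiten)
        print(f"hash mixer, whiten={whiten}: {n} distinct outputs from {len(GOOD_SAMPLES)} trusted samples")
    for whiten in (False, True):
        print(f"xor mixer,  whiten={whiten}: pool zeroed by adaptive attacker = {xor_mix_cancellable(b'x', whiten)}")
```

With HMAC-SHA256 as hash1, the zero-entropy source neither adds nor removes unpredictability in either construction, which is the intuition behind the question; the XOR variant shows the situation in which an extra hash2 does buy something, namely when the mixer itself is linear and the adversary can choose samples adaptively.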
