Crypto hardware that generates "random" numbers can't be tested in production in many useful ways. My suggestion would be to XOR a hardware-generated and a software-generated random number stream. If one fails, whether by accident, malice, or design, the other will still randomize the resulting stream. Belt AND suspenders will keep your source of randomness from being your weakest link.
I think it'd sometimes be better to feed them both into a pool rather than xoring them, since they might go at radically different rates, and xor would limit you to the slower of the two. Of course, for some threat models that would be the right thing.
Cheers,
Ben.
-- ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
