On Thu, 29 Jun 2006, "Hal Finney" wrote:
A few weeks ago I asked for information on using the increasingly
prevalent built-in TPM chips in computers (especially laptops) as a
random number source. I got some good advice and want to summarize the
information for the benefit of others.
Thanks for the useful summary! For the sake of completeness, let me also add
that RNGs in tamper-proof hardware are potentially rather controversial, since
there are several known ways to produce output which looks very random to
anyone who doesn't know some secret, but allows those who do to predict what
future outputs will be. I believe one straightforward way to do this would be
to simply use a symmetric encryption function outputting "random" data blocks
r_i=Encrypt(key, r_(i-1))
If you don't know the secret key, the output will look at least somewhat
random, but if you do, you can use any block to predict all subsequent and
prior ones. (This topic has been discussed in the literature, and my
off-the-cuff example may not be particularly strong.)
I believe it's a fair summary to say that hardware RNG is a neat and useful
feature, but may be unsuitable for the sufficiently paranoid when it comes in
a tamper-proof package.
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
