On 7/3/06, Leichter, Jerry <[EMAIL PROTECTED]> wrote:
> You're damned if you do and damned if you don't. Would you want to use a hardware RNG that was *not* inside a tamper-proof package - i.e., inside of a package that allows someone to tamper with it?
Yes. If someone has physical access to your equipment, they could compromise it. On the other hand, if you have access to it, you can establish a baseline and check it for changes. I recall the book titled "Computer Security" by Carroll suggested taking Polaroids of all your equipment, and from each window, and other even more paranoid things. As a non sequitur, in the first edition, he had the following wonderful quote on the dust jacket: ``Computer crime has become the "glamor crime" of the 1970s...'' Perhaps he was a bit ahead of his time.
> A "spiked" RNG of the kind you describe is at least somewhat fixable: Choose a fixed secret key and encrypt the output of the generator with the key before using it.... ... nor do you have to fix it for good.)
Were you to periodically take the output of the generator and use it as a new key, you would have something remarkably similar to the Fortuna and Yarrow PRNGs. If you don't do something like that, you have cycle lengths equal to your input's cycle length, which, for the designs we've been discussing, is fixed, so pretty easy to distinguish from random (assuming you have access to enough output).

-- 
Resolve is what distinguishes a person who has failed from a failure.
Unix "guru" for sale or rent - http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]