On Thu, Sep 12, 2013 at 11:00:47AM -0400, Perry E. Metzger wrote: > > In addition to getting CPU makers to always include such things, > however, a second vital problem is how to gain trust that such RNGs > are good -- both that a particular unit isn't subject to a hardware > defect and that the design wasn't sabotaged. That's harder to do.
Or that a design wasn't sabotaged intentionally wasn't sabotaged accidentally while dropping it into place in a slightly different product. I've always thought highly of the design of the Hifn RNG block, and the outside analysis of it which they published, but years ago at Reefedge we found a bug in its integration into a popular Hifn crypto processor that evidently had slipped through the cracks -- I discussed it in more detail last year at http://permalink.gmane.org/gmane.comp.security.cryptography.randombit/3020 . Thor _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
