Thierry Moreau <thierry.mor...@connotech.com> writes:

>So, here are a few highlights of my recent findings. I found that too many
>notions deserved a description of rationales, and hence a draft-in-progress
>document is just stalled.

The problem here is that the debate rapidly goes from engineering to philosophy, and then you get to the religious paradox where anyone who believes in A is condemned to belief-system B's hell, and vice versa.

>Only NIST (with the help of NSA and participants in a circa 2004 symposium)
>advanced the true random source standardization effort,

I'm not sure if they advanced it; perhaps "muddied the waters" might be more accurate. It wasn't so much a problem with NIST itself but with the design process; design-by-committee has never been a good way to do something like this. The other problem is that their long-term goal is to create something certifiable, which means you need repeatability and determinism... for a process that's supposed to be inherently nondeterministic.

A better approach would be an RFC 4086-style one: "here are some sound engineering principles, use whatever's appropriate for your situation". Even then you're going to run into religious issues. For example, I believe in over-engineering things greatly (an explicit design principle I've used is that any component of the RNG system should be able to fail completely without it affecting the output), while cryptographers tend more towards building a PRF from building blocks with the appropriate cryptographic properties and leaving it at that. Which side is right? (That's a rhetorical question, you can't answer it :-).

Oh, and just to throw a spanner in the works: I've never seen any standards document or whatever that discusses what to do when you don't have enough entropy available. There are all sorts of Rube Goldberg entropy-estimation methods, but what do you do when your entropy estimation says there's not enough available? Hint: halting, i.e. preventing things from continuing, isn't an option.

Peter.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
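The following is an added example, not code from the post or from any of the people or standards it mentions. It illustrates the "any component of the RNG system should be able to fail completely without it affecting the output" design principle stated above: several independent sources are folded into a SHA-256 pool, a source that dies (stuck on a constant) or raises contributes nothing but cannot veto or poison the state, and output is derived through HMAC so the pool state itself is never exposed. It also shows a deliberately crude entropy credit per reseed so the caller can see the "estimator says not enough" condition the post raises; the code reports that condition rather than halting, but it does not claim to answer what one should then do. The source names, credit values, and the three sample sources are all constructed for the example.

```python
import hashlib
import hmac

# Added example: a fail-safe entropy pool. All names, credit figures and
# sample sources below are constructed for illustration.

OUTPUT_LEN = 32


class FailSafePool:
    """Mix several independent entropy sources through SHA-256.

    Every source is polled on each reseed. A source that raises, returns
    nothing, or is stuck on a constant contributes no useful entropy but can
    never abort the reseed or poison the pool: the state is always a hash over
    the previous state plus whatever the sources produced. Output is derived
    with HMAC and the state is advanced afterwards, so the raw pool state never
    leaves the object and earlier outputs are not recoverable from a later one.
    """

    def __init__(self, sources):
        # sources: list of (name, callable -> bytes, bits credited when the
        # source returns something that is not obviously dead)
        self.sources = sources
        self.state = b"\x00" * 32
        self.counter = 0

    def reseed(self):
        """Poll all sources, fold them into the state, return the entropy credit.

        The credit is a crude estimate (constructed for the example): a source
        is credited its declared bits only if it returned data containing more
        than one distinct byte value. A credit of 0 means the estimator thinks
        nothing usable arrived; the pool still works, the caller must decide.
        """
        h = hashlib.sha256()
        h.update(b"reseed")
        h.update(self.state)
        credit = 0
        for name, poll, bits in self.sources:
            try:
                data = poll()
            except Exception:
                data = b""  # a failed source yields no data, but no abort either
            # Length-prefix every field so one source's bytes cannot be
            # confused with another's.
            h.update(name.encode("ascii"))
            h.update(len(data).to_bytes(4, "big"))
            h.update(data)
            if data and len(set(data)) > 1:
                credit += bits
        self.state = h.digest()
        return credit

    def output(self, n=OUTPUT_LEN):
        """Derive n bytes via HMAC(state, counter); then ratchet the state forward."""
        out = b""
        while len(out) < n:
            self.counter += 1
            msg = b"out" + self.counter.to_bytes(8, "big")
            out += hmac.new(self.state, msg, hashlib.sha256).digest()
        self.state = hmac.new(self.state, b"next", hashlib.sha256).digest()
        return out[:n]


def demo():
    """Build pools from constructed sources and return the observable results."""
    def dead():            # hardware source stuck at all zeros
        return b"\x00" * 32

    def broken():          # source whose device has disappeared
        raise OSError("device gone")

    def live_a():          # two distinct 'live' sources (constructed, fixed bytes)
        return bytes(range(32))

    def live_b():
        return bytes(range(32, 64))

    pool_a = FailSafePool([("dead", dead, 64), ("broken", broken, 64), ("live", live_a, 128)])
    pool_b = FailSafePool([("dead", dead, 64), ("broken", broken, 64), ("live", live_b, 128)])
    pool_c = FailSafePool([("dead", dead, 64), ("broken", broken, 64), ("live", live_a, 128)])
    pool_none = FailSafePool([("dead", dead, 64), ("broken", broken, 64)])

    credit_a = pool_a.reseed()
    credit_b = pool_b.reseed()
    credit_c = pool_c.reseed()
    credit_none = pool_none.reseed()     # estimator reports nothing usable
    return {
        "credit_a": credit_a, "credit_b": credit_b, "credit_c": credit_c,
        "credit_none": credit_none,
        "out_a": pool_a.output(), "out_b": pool_b.output(),
        "out_c": pool_c.output(),
        "out_none": pool_none.output(),  # still returns bytes; nothing halts
    }


if __name__ == "__main__":
    r = demo()
    print("credit with live source:", r["credit_a"], "bits")
    print("credit with all sources dead:", r["credit_none"], "bits")
    print("outputs differ when only the live source differs:", r["out_a"] != r["out_b"])
```

Two pools fed identical source data produce identical output (the mixing is deterministic, which is what makes it testable), while two pools whose dead and broken sources are identical but whose one live source differs produce unrelated output, so the failed components have not degraded the result. The pool with no working source reports a credit of zero but still answers; that reflects the hint in the post that halting is not an option, and leaves open, as the post does, what the caller should do with that information.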