On Tue, Jun 19, 2012 at 6:17 AM, Thor Lancelot Simon <t...@panix.com> wrote: > ... > Sanity checks, entropy estimates, and other vetting *which the output > of a DRBG keyed in a known way by your adversary will pass without > a hint of trouble*.
absolutely; after it has gone through DRBG you have zero visibility into state of generation. even von neumann whitening and string filters obscure to some extent. > It seems to me the only reason you'd benefit from access to the raw > source would be if you believed Intel might have goofed the sanity > checks. For my part, I am happy to rely on CRI's assurance that Intel's > sanity checks are good. the sanity checks, being on die, are limited. you can't run DIEHARD against this in a useful manner because the DRBG obscures anything useful. i'll concede the point that you'd only want raw bits to validate CRI and Intel assurances, and they've done due diligence. this is something i like to verify myself; no fault with the Intel design or CRI analysis implied. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
