RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets.

Sun, 09 Sep 2001 09:42:32 -0700 

Ben --
        I do not understand; after reading the Cryptography research design
review (http://www.cryptography.com/intelRNG.pdf ) and the Intel technical
brief it sounds as if its design is solid, I do understand that the output
received though the CryptoAPI interface to the RNG can not be tested for bit
distribution (or more specifically; it would do no good to do so) since with
the interface used by CAPI
(ftp://download.intel.com/design/security/rng/rng-capi.pdf) the output data
is ran through a SHA-1 mixer removing any remaining statistical properties;
but this is a desired behavior; right? There could also be the argument that
there is no such thing as a TRNG, but for sake of this discussion I am not
thinking along these lines.

By no means am I an expert in this subject matter and would appreciate an
explanation of your statement for my own edification.

Thanks,

Ryan

-----Original Message-----
From: Ben Laurie [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, September 09, 2001 4:50 AM
To: [EMAIL PROTECTED]
Cc: 'Rich Salz'; Openssl-Users ([EMAIL PROTECTED])
Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip
sets.

Ryan Hurst wrote:
> 
> Granted; guess I should not have given such high praise to the
> quality/uniqueness of that this device produces since they do not provide
> information on its design nor state that it has been evaluated by any
> qualified independent reviewers. My assumption was and I guess still (to
> some degree) that the quality of input material available in a hardware
> based implementation is far superior to what is available to a software
> implementation (like egd.pl, etc.) At a minimum this driver/hardware
> essentially gives windows users a /dev/urandom which they have been
missing.

Except that there's no evidence it is random at all.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to