Ryan Hurst wrote:
> 
> Ben --
>         I do not understand; after reading the Cryptography research design
> review (http://www.cryptography.com/intelRNG.pdf ) and the Intel technical
> brief it sounds as if its design is solid, I do understand that the output
> received through the CryptoAPI interface to the RNG cannot be tested for bit
> distribution (or more specifically; it would do no good to do so) since with
> the interface used by CAPI
> (ftp://download.intel.com/design/security/rng/rng-capi.pdf) the output data
> is run through a SHA-1 mixer removing any remaining statistical properties;
> but this is a desired behavior; right?

It is desired, but...

> There could also be the argument that
> there is no such thing as a TRNG, but for sake of this discussion I am not
> thinking along these lines.
> 
> By no means am I an expert in this subject matter and would appreciate an
> explanation of your statement for my own edification.

...the issue is not its (supposed) design, but the fact that Intel have
consistently refused to permit independent review of the design and its
implementation. This means that we cannot know what, in fact, the
"random" numbers actually are. For all we know they are completely
deterministic.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
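As an added illustration of the point made in the quoted message (this is example code, not code from the thread, from OpenSSL or from Intel): a constructed, fully predictable source fed through a hypothetical SHA-1 mixer passes simple bit-distribution tests, so testing the mixed output says nothing about the quality of the underlying source. The source, the mixer and the test functions are all assumptions of this example.

```python
import hashlib

BLOCK = 20  # bytes of raw source consumed per SHA-1 digest emitted

def low_entropy_source(n_blocks: int) -> bytes:
    """Constructed stand-in for a broken hardware source. Block k spells out
    the counter k with one bit per byte (LSB first), so every byte is 0x00 or
    0x01 and the whole stream is predictable from the block index alone."""
    out = bytearray()
    for k in range(n_blocks):
        out += bytes((k >> j) & 1 for j in range(BLOCK))
    return bytes(out)

def sha1_mixer(raw: bytes) -> bytes:
    """Hypothetical whitening stage: hash each raw block and emit the digest.
    Modelled on the 'SHA-1 mixer' the thread mentions, not Intel's design."""
    return b"".join(hashlib.sha1(raw[i:i + BLOCK]).digest()
                    for i in range(0, len(raw), BLOCK))

def monobit_fraction(data: bytes) -> float:
    """Fraction of one-bits; an unbiased stream gives about 0.5."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def chi_square_bytes(data: bytes) -> float:
    """Chi-square over byte values (255 degrees of freedom); a uniform stream
    lands near 255, a stream using only two byte values lands far above it."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def compare(n_blocks: int = 500) -> dict:
    """Run both tests on the raw source and on its whitened output."""
    raw = low_entropy_source(n_blocks)
    mixed = sha1_mixer(raw)
    return {"raw_monobit": monobit_fraction(raw),
            "mixed_monobit": monobit_fraction(mixed),
            "raw_chi2": chi_square_bytes(raw),
            "mixed_chi2": chi_square_bytes(mixed)}

def predict_block(k: int) -> bytes:
    """What anyone who knows the (unreviewed) design computes for block k:
    identical to the 'random' output, even though that output passes the tests."""
    return hashlib.sha1(bytes((k >> j) & 1 for j in range(BLOCK))).digest()

if __name__ == "__main__":
    print(compare())  # raw tests fail badly, mixed tests look fine
    mixed = sha1_mixer(low_entropy_source(500))
    print(predict_block(123) == mixed[123 * BLOCK:124 * BLOCK])  # True
```

The raw stream fails both tests by a wide margin while the mixed stream sits where a uniform source would, yet every mixed block is reproducible from its index; only review of the source and its design, not output testing, can tell the two apart.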