Ben --
I see; doesn't Paul and Ben's review (Cryptography Research) count
as an "independent review" of the architecture? I am sure they were hired to
do the review (hey we all need to get paid); but in either case both are
well known for their mathematical/crypto prowess and I would doubt they
would place their stamp of approval on a design that was knowingly
incorrect.
Is your concern more that the actual "hard design" has not been made open
vs. that its output and stated design has been openly reviewed? I am a big
advocate of looking under the hood; as I am sure most in this list are ;)
but in my case my background is not adequate to think I could more
accurately/thoroughly review the design than Cryptography Research. Not to
say that there are not others who could.
In either case I have enjoyed this discussion, and appreciate your
participation 8-p
Ryan
-----Original Message-----
From: Ben Laurie [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 09, 2001 12:42 PM
To: Ryan Hurst
Cc: '[EMAIL PROTECTED]'; Openssl-Users ([EMAIL PROTECTED])
Subject: Re: OpenSSL Hardware Random Number Generator (RNG) for Intel Chip sets.
Ryan Hurst wrote:
>
> Ben --
> I do not understand; after reading the Cryptography Research design
> review (http://www.cryptography.com/intelRNG.pdf) and the Intel technical
> brief it sounds as if its design is solid, I do understand that the output
> received through the CryptoAPI interface to the RNG cannot be tested for bit
> distribution (or more specifically; it would do no good to do so) since with
> the interface used by CAPI
> (ftp://download.intel.com/design/security/rng/rng-capi.pdf) the output data
> is run through a SHA-1 mixer removing any remaining statistical properties;
> but this is a desired behavior; right?
It is desired, but...
> There could also be the argument that
> there is no such thing as a TRNG, but for sake of this discussion I am not
> thinking along these lines.
>
> By no means am I an expert in this subject matter and would appreciate an
> explanation of your statement for my own edification.
...the issue is not its (supposed) design, but the fact that Intel have
consistently refused to permit independent review of the design and its
implementation. This means that we cannot know what, in fact, the
"random" numbers actually are. For all we know they are completely
deterministic.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
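Added example, not part of the thread or of any participant's message: the exchange above turns on two points, that output passed through a SHA-1 mixer cannot usefully be tested for bit distribution, and that such output could be completely deterministic without anyone noticing. The sketch below runs a frequency (monobit) test and a byte chi-square test over a constructed zero-entropy source (a plain counter) before and after SHA-1. The counter source and all function names are assumptions made for illustration; nothing here models Intel's RNG or the CAPI driver.

```python
import hashlib
import math

def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test: p-value for the 0/1 balance being that of fair bits."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of byte counts against uniform (255 degrees of freedom)."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def raw_counter(n_blocks: int) -> bytes:
    """Constructed 'entropy source' with no entropy at all: a 32-bit counter."""
    return b"".join(i.to_bytes(4, "big") for i in range(n_blocks))

def sha1_mixed_counter(n_blocks: int) -> bytes:
    """The same counter, with each value passed through SHA-1 before output."""
    return b"".join(
        hashlib.sha1(i.to_bytes(4, "big")).digest() for i in range(n_blocks)
    )

def report(n_blocks: int = 20000) -> dict:
    """Return (monobit p-value, chi-square) for the raw and the mixed stream."""
    raw, mixed = raw_counter(n_blocks), sha1_mixed_counter(n_blocks)
    return {
        "raw": (monobit_p_value(raw), byte_chi_square(raw)),
        "mixed": (monobit_p_value(mixed), byte_chi_square(mixed)),
    }

if __name__ == "__main__":
    for name, (p, chi2) in report().items():
        print(f"{name:5s} monobit p={p:.4g}  byte chi2={chi2:.1f}")
```

Both streams are fully predictable to anyone who knows the counter; only the raw one fails the statistical tests, which is why testing after the mixer says nothing about the source.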