On Mon, Sep 28, 2009 at 03:36:46PM -0700, wes wrote: > If that is still not good enough for you, are you prepared to spend what it > takes to meet your needs? > > http://www.araneus.fi/products-alea-eng.html > > Also, I have heard that VIA chipsets have a hardware RNG onboard.
I sell "random numbers", see http://siidtech.com . While a semi-decent hardware RNG can beat the pants off of pure software, any random number generator is only as good as the chain of hardware and software that delivers it to the application, and the wisdom of the programmers and users that design and operate that chain. Hardware RNGs are subject to "side channel attacks", involving crazy manipulations of power, temperature, clock rates, and system noise, especially in untrusted environments. That cute little Araneus RNG USB dongle is a black box. Who knows what back doors it might have, intentional or otherwise. Or whether the USB dongle that is plugged into the computer this week is actually the Araneus dongle you bought (in person) last week, or a counterfeit substituted by the M.I.B. The crazy thing is, unless you tear down to the silicon, you have no way to know whether it has back doors, because there is no way to differentiate between a real random sequence and a high-entropy deterministic one. At best, all you can do is detect the more obvious sequences. A generator that emits the binary digits of pi is purely deterministic, but mathematical randomness tests will call it random. There are an uncountably infinite number of deterministic transcendental numbers like pi and e, BTW. In the end, it becomes a question of trust, either in open software and the people reviewing it for you, or in the skills and sincerity of hardware designers and manufacturers. Use your best judgement, but limit your exposure, and set aside resources to clean up afterwards if you make the wrong choice. Keith -- Keith Lofstrom [email protected] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
