On Thu, Feb 16, 2012 at 8:20 AM, Phillip Hallam-Baker <[email protected]> wrote:
> It would be really nice if there was some way to audit RNGs algorithmically...
Separate the HW RNG and other entropy gathering parts from the rest of the RNG (i.e., the entropy pool, the mixer, the extractor), and you provide a per-device seed for testing. To test you put the device in test mode so that the only entropy will be from the test seed, thus making the RNG completely deterministic.

The production mode can also use the test (or another per-device) seed and date/time of boot to initialize the entropy pool, just in case the HW RNG gets stuck on all ones or all zeros (or all nines).

Testing production mode can also be done by, e.g., statistical analysis of the RNG outputs (and inputs) under various operating conditions (e.g., different temperatures, etc...), and by extracting a copy of the entropy pool contents once to check that the RNG is not deterministic from that point forward (because new entropy gets mixed in).

But you have to make sure that any test modes can't be enabled without tampering with the physical device. Once the device is sealed you should not be able to test the RNG in any way other than by statistical analysis of its outputs.

Nico
--
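A small Python model of the split design described above, added here as an illustration and not code from the thread or from any real device: the pool/mixer/extractor is separate from the HW source, test mode seeds the pool from the per-device seed alone, production mode seeds from the seed plus boot time and then keeps mixing HW output. The class and function names, the SHA-256 construction and the `stuck_hw`/`ticking_hw` sources are all constructed for the example; the three check functions correspond to the three properties the post asks for (reproducible test mode, survival of a stuck HW RNG, and a one-time pool snapshot not predicting later output).

```python
import hashlib
import struct
class EntropyPool:
    # Pool + mixer + extractor, kept apart from the entropy sources.
    def __init__(self, state=bytes(32)):
        self.state = state

    def mix(self, data: bytes) -> None:
        # Mixer: fold new input into the pool state with a hash.
        self.state = hashlib.sha256(self.state + data).digest()

    def extract(self) -> bytes:
        # Extractor: emit 32 bytes, then ratchet so a later pool copy can't recover them.
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out

class DeviceRng:
    # Constructed device model; hw_source is an iterator standing in for the HW RNG.
    def __init__(self, device_seed, boot_time, hw_source, test_mode=False):
        self.pool, self.hw_source, self.test_mode = EntropyPool(), hw_source, test_mode
        if test_mode:
            self.pool.mix(b"test" + device_seed)   # the test seed is the only entropy
        else:
            self.pool.mix(b"prod" + device_seed + struct.pack(">Q", boot_time))

    def random_bytes(self) -> bytes:
        if not self.test_mode:
            self.pool.mix(next(self.hw_source))    # fresh HW entropy on every call
        return self.pool.extract()

def stuck_hw():
    return iter(lambda: b"\xff" * 32, None)        # HW RNG stuck on all ones, forever
def ticking_hw():
    return (struct.pack(">Q", i) for i in range(1, 1 << 62))  # constructed live source

def test_mode_is_reproducible():
    a = DeviceRng(b"seed-A", 1000, stuck_hw(), test_mode=True)
    b = DeviceRng(b"seed-A", 2000, ticking_hw(), test_mode=True)  # boot time, HW ignored
    return a.random_bytes() == b.random_bytes()

def stuck_hw_devices_still_differ():
    a, b = DeviceRng(b"seed-A", 1000, stuck_hw()), DeviceRng(b"seed-B", 1000, stuck_hw())
    return a.random_bytes() != b.random_bytes()

def pool_snapshot_does_not_predict_future():
    dev = DeviceRng(b"seed-A", 1000, ticking_hw())
    dev.random_bytes()
    clone = EntropyPool(dev.pool.state)            # tester copies the pool contents once
    return clone.extract() != dev.random_bytes()   # new entropy was mixed in since
```

Note that the model only shows the data flow; whether `test_mode` is reachable without opening the sealed device is a hardware question the code cannot answer.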
