In message <[EMAIL PROTECTED]>, Colin Plumb writes:
> 
> Well, as I mentioned, I said so in fairly emphatic terms once already,
> although I don't know whether such access was planned or if my comments
> had any effect.  I'm having another, more detailed discussion with the
> responsible designers on Thursday.  I'll have to find out what details
> are okay to repeat here, but I can obviously discuss what I plan to
> bring in.

What I was told at RSA was that the SHA-1 whitening was done by the driver.
The driver (I think it was the driver, rather than the hardware) also does
its own quality checks on the hardware RNG.
> 
> My basic point is the same as the above: software can whiten the bit
> stream just as easily as hardware, so including any such processing
> in hardware is not a very valuable use of transistors.  However,
> access to the unwhitened bitstream is essential for quality assurance
> purposes.  Serious users need that to assess the quality of the random
> numbers and, indeed, whether the generator has failed entirely.
> 
> If anyone would like to add the weight of their names to my discussion,
> I'd be happy to include a list of people who agree with me.
> 
> Just send me some e-mail with
> - Any contact information beyond name @ e-mail you want me to include
> - Any amplification on my basic point that you'd like to include.
> - A title, position, or similar brief statement of qualifications
> 
> Does that seem reasonable?
> -- 
>       -Colin
> 
> (I'm also curious what people think is a good rate.  I think we surprised
> them by saying that one bit per second was adequate.  Anything more can
> be generated by cryptographic means.)

I asked about speed; I was told that that isn't public yet.  I do not
agree that one bit per second is adequate.  Apart from any question of
the strength of the cryptographic RNG, it means that it would take many
minutes to have enough entropy for even a single true-random DH exchange.
Their own goal was "fast enough for IPSEC", which is not that fast, though
more, I would guess, than your statement.
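The failure-masking effect behind the quality-assurance point above, as an added example that is not part of this thread: a constructed, heavily biased hardware source fails two simple raw-output health checks, but the same bits after SHA-1 whitening (assumed here to be one digest per 512-bit block of raw bits, matching the driver-side whitening the thread describes) pass them, so checks run only on the whitened output cannot distinguish a failing generator from a healthy one.

```python
import hashlib
import random


def biased_source(n_bits, p_one, seed=1):
    """Constructed model of a hardware RNG: each bit is 1 with probability
    p_one. A healthy source has p_one == 0.5; a failing one drifts away."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]


def sha1_whiten(bits):
    """Assumed driver-style whitening: hash each 512-bit block of raw bits
    with SHA-1 and concatenate the 160-bit digests as the output stream."""
    out = []
    for i in range(0, len(bits) - len(bits) % 512, 512):
        block = bits[i:i + 512]
        raw = int("".join(map(str, block)), 2).to_bytes(64, "big")
        digest = hashlib.sha1(raw).digest()
        out.extend(int(b) for byte in digest for b in format(byte, "08b"))
    return out


def health_check(bits, max_bias=0.02, max_run=32):
    """Two checks a user would run on the unwhitened stream: monobit bias
    (|fraction of ones - 0.5|) and the longest run of identical bits.
    Returns (passed, bias, longest_run)."""
    bias = abs(sum(bits) / len(bits) - 0.5)
    longest = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return bias <= max_bias and longest <= max_run, bias, longest


def compare(p_one, n_bits=512 * 200):
    """Run the health check on the raw stream and on its whitened form.
    Returns (raw_passed, whitened_passed)."""
    raw = biased_source(n_bits, p_one)
    return health_check(raw)[0], health_check(sha1_whiten(raw))[0]


if __name__ == "__main__":
    for p in (0.5, 0.9):
        raw_ok, white_ok = compare(p)
        print(f"p_one={p}: raw passes={raw_ok}, whitened passes={white_ok}")
```

With p_one=0.9 the raw stream fails on both bias and run length while the whitened stream passes; with p_one=0.5 both pass, which is why only the raw stream lets a user tell the two cases apart.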
