Date: Tue, 10 Aug 1999 11:05:44 -0400
From: "Arnold G. Reinhold" <[EMAIL PROTECTED]>
A hardware RNG can also be added at the board level. This takes
careful engineering, but is not that expensive. The review of the
Pentium III RNG on www.cryptography.com seems to imply that Intel is
only claiming patent protection on its whitening circuit, which is
superfluous, if not harmful. If so, their RNG design could be copied.
I've always thought there was a major opportunity for someone to come up
with an ISA (or perhaps even a PCI) board which had one or more circuits
(you want more than one for redundancy) that contained a noise diode
hooked up to a digitizing circuit. As long as the hardware interface
was open, all of the hard parts of a hardware RNG, could be done in
software.
Besides the whitner, the other thing that you really have to do (and
which makes a hardware RNG harder than some people assume) are checks to
make sure it is still functioning correctly, and to switch to another
input source if one of the channels starts producing all zeros, or all
ones, or some other noticeable pattern. (Something which would be
*good* to do periodically is to run an FFT over the raw data sent out
from the hardware RNG circuit, and make sure the power spectra doesn't
show any obvious changes.)
The point is that it should be possible to make an Open Hardware RNG
board fairly cheaply, and then someone could work on the some Open
Source Software which would actually do all of the hard parts that don't
have to be done in silicon. I understand that the Linux Free S/Wan
project might not want to rely on such a board being present, but
realistically, it's the best way to significantly improve the random
number generation, and people who want that level of security should
perhaps be willing to pay to put one of these boards in their systems.
Sure, we can try to further improve the software /dev/random driver, but
I've always considered it to be a temporary stopgap until everyone
shipped hardware RNG's as a matter of course in their computers.
- Ted
P.S. I'm currently attending the Linux World conference/expo, so my
e-mail latency will be a bit longer than normal this week. I only
skipped through to this thread and read things quickly because it was
interesting; my apologies if I haven't responded to anybody's individual
e-mail's. If you're around, stop by the VA Linux booth; I'll likely be
hanging around there, when I'm not attending the random session at the
show. Cheers!
