On Thu, Aug 26, 2010 at 12:13:06PM -0400, Perry E. Metzger wrote:
> It is difficult to validate that a hardware RNG is working
> correctly. How do you know the bits being put off aren't skewed
> somehow by a manufacturing defect? How do you know that damage in the
> field won't cause the RNG to become less random?

FIPS 140-1 did allow non-deterministic HW RNGs. If you used one then you had to run a boot-time self-test which, while not even close to an exhaustive RNG test, would hopefully detect a HW RNG that had failed.

Eric
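
A sketch of the kind of boot-time check described in the reply above, added here as an example and not taken from the thread or from the standard's text: three statistical tests (monobit, poker, long run) over one 20,000-bit sample. The sample size and thresholds are assumed to be the FIPS 140-1 values and should be checked against the standard; the four bit sources are constructed for illustration.

```python
import random

SAMPLE_BITS = 20_000  # assumed FIPS 140-1 sample size

def monobit_ok(bits):
    # The number of ones must lie strictly inside the assumed interval.
    return 9_654 < sum(bits) < 10_346

def poker_ok(bits):
    # Count each of the 16 possible 4-bit values over 5,000 nibbles.
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble = bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]
        counts[nibble] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 1.03 < x < 57.4  # assumed bounds

def long_run_ok(bits):
    # Fail when any run of identical bits reaches 34 (assumed limit).
    longest = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return longest < 34

def self_test(bits):
    if len(bits) != SAMPLE_BITS:
        raise ValueError("self-test needs exactly 20,000 bits")
    return {"monobit": monobit_ok(bits), "poker": poker_ok(bits),
            "long_run": long_run_ok(bits)}

def passed(bits):
    return all(self_test(bits).values())

# Constructed bit sources standing in for hardware output.
def stuck_at_zero():
    return [0] * SAMPLE_BITS

def alternating():
    return [i & 1 for i in range(SAMPLE_BITS)]

def biased(p_one=0.55, seed=1):
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(SAMPLE_BITS)]

def seeded_prng(seed=2010):
    rng = random.Random(seed)  # fully predictable, yet statistically clean
    return [rng.getrandbits(1) for _ in range(SAMPLE_BITS)]

if __name__ == "__main__":
    for src in (stuck_at_zero, alternating, biased, seeded_prng):
        print(src.__name__, self_test(src()))
```

The stuck, alternating and biased sources are rejected, while the seeded and fully predictable generator passes all three checks: a test of this kind can flag a source that has failed outright, but it says nothing about unpredictability.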
